Dell Storage Manager Data Collector - Registered Certificate

Unfortunately I haven't found a solution for this.  I'm assuming it's bad code on the side of Dell.  I put in a support ticket asking for the requirements for the cert and key; I have not received any feedback from Dell at all.

Has anyone found a solution to this?  We're experiencing this issue as well.  Spent several hours on the phone with multiple Dell technicians who were equally stumped by this.  They've escalated the case to higher level engineers.

In my case, I'm trying to register certificates signed by a third-party CA and we were speculating that maybe something with the CA's intermediate certificates were causing problems.  However, we then tried creating simple self-signed certificates and DSM was not accepting those either.

One of the technicians provided the following steps which he said was used to solve the same issue for another customer (assumes a Windows server but I adjusted to do this all on Linux):

In OpenSSL from cmd prompt

openssl genrsa -out dsmkey.pem 2048

openssl req -key dsmkey.pem -new -out dsmcsr.req

On the CAS certreq -submit -attrib “Certificate Template:WebServer” "C:\Program Files\OpenSSL-Win64\bin\dsmcsr.req" named file cert.pem

In OpenSSL from cmd prompt

openssl pkcs12 -export -inkey "" -in cert.pem -out C:\Users\user\Desktop\dsmkey.pkcs12 -name "DSM"

Copied Files to Server

Cert.pem Dsmkey.pkcs12

This did not work for me.  We've tried every combination of certificates and formats without luck.

I have tried every option of cert/key type and combination, and I too have not been able to get Dell Storage Manager to allow us to use a proper third-party cert.

Using .p12 as the private key (keystore) but then requiring PEM/DER for the main cert is a strange thing to me. If I can use a .p12 (PKCS12) one place, I should just be able to use that solely, and then give access password for keystore. Otherwise, you should be asking for PEM/DER cert, and PEM key. Not halfway between these two. Also, OpenSSL doesn't necessarily export/produce "proper" PKCS12 files - there are some caveats.

All that to say, I cannot get this to work no matter what I've tried, and I really wish they would just except a proper PKCS12 file, or both private/public keys in PEM format.

Anyone get this to work yet?

Any updates to this one?  I would like to put a Certificate from our Windows CA into Dell DSM.  

openssl req -new -newkey rsa:2048 -keyout server.pem -out server.csr -days 365
(use server.csr to get server.cer as base 64 cert from windows CA)
openssl pkcs12 -export -inkey server.pem -in server.cer -out server.pkcs12 -name DSM

I got it working this way...

Dell DSM SSL Cert from Windows Enterprise Certificate Authority

PRE REQ: Install the latest version of OpenSSL from https://slproweb.com/products/Win32OpenSSL.html (I tested with v1.1.0j)

1. Open a Windows Command Prompt

2. Create/Change to an new directory with just the following DellDSM.cfg file - edit the alt_names & req_distinguished_name sections as required:

## - DellDSM.cfg

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = mc-ddsm-v-201.momusconsulting.com
DNS.2 = mc-ddsm-v-201
IP.1 = 10.1.1.90

[ req_distinguished_name ]
countryName = GB
stateOrProvinceName = Hampshire
localityName = Basingstoke
0.organizationName = Momus Consulting
organizationalUnitName = Momus Labs
commonName = mc-ddsm-v-201.momusconsulting.com

##

3. Create the CSR and Private Key Files:

openssl.exe req -new -nodes -out DellDSM.csr -keyout DellDSM-orig.key -config DellDSM.cfg

4. Convert the Private Key File to the correct RSA format:

openssl.exe rsa -in DellDSM-orig.key -out DellDSM.key

5. Provide the DellDSM.csr file to your Windows Enterprise Certificate Authority (Root CA or Inter/Sub CA), use the Web Server template (The default template is a 2 year certificate, create a 5 year template if you wish) and save the signed certificate as a Base64 Certificate (NOT a chain). Call this file DellDSM.cer

6. Create a pkcs12 .p12 File:

openssl.exe pkcs12 -export -in DellDSM.cer -inkey DellDSM.key -name "DellDSM" -passout pass:DellDSM -out DellDSM.p12

7. Login to Dell DSM (Unisphere Central for SC Series) - I am using the DSM Virtual Appliance (VA 19.1.20.30).

8. Navigate to Data Collector | General Tab | Security Tab | Registered Certificate | Edit

Public Key (X.509 - DER, PEM) = DellDSM.cer
Private Key (PKCS#12) = DellDSM.p12
Alias = DellDSM
Password = DellDSM

9. Hit OK. Wait a minute or two, close the browser and re-open the Dell DSM logon page.

10. Certificate should have changed/be valid.

This was perfect for us. Thanks!!!!

@martinco-cae 

Thank you so much,

that is perfectly working for me!