stantiques
1 Copper

Dell Storage Manager Data Collector - Registered Certificate

I have successfully deployed Dell Storage Manager Data Collector.  I am attempting to register our SSL certificate.  I have created the public key and pkcs#12 with an alias.  I keep getting the error certificate exception.  I would like clarity on what exactly the requirements are for the pub key and pkcs#12 files.  I use openssl to create the files.

Thank you.

7 Replies
nbc123
1 Copper

RE: Dell Storage Manager Data Collector - Registered Certificate

We are seeing the same issue with DSM 2016 R2 [build 16.2.1228]  I have tried using a wildcard and named host with the public cert in a couple different formats that listed as supported.  It looks the system does not support Registered Certs.

0 Kudos
bobst_its
2 Bronze

RE: Dell Storage Manager Data Collector - Registered Certificate

Has anyone found a solution to this?  We're experiencing this issue as well.  Spent several hours on the phone with multiple Dell technicians who were equally stumped by this.  They've escalated the case to higher level engineers.

In my case, I'm trying to register certificates signed by a third-party CA and we were speculating that maybe something with the CA's intermediate certificates were causing problems.  However, we then tried creating simple self-signed certificates and DSM was not accepting those either.

One of the technicians provided the following steps which he said was used to solve the same issue for another customer (assumes a Windows server but I adjusted to do this all on Linux):

In OpenSSL from cmd prompt

openssl genrsa -out dsmkey.pem 2048

openssl req -key dsmkey.pem -new -out dsmcsr.req

On the CAS certreq -submit -attrib “Certificate Template:WebServer” "C:\Program Files\OpenSSL-Win64\bin\dsmcsr.req" named file cert.pem

In OpenSSL from cmd prompt

openssl pkcs12 -export -inkey "<C:\Program Files\OpenSSL-Win64\bin\dsmkey.pem>" -in cert.pem -out C:\Users\user\Desktop\dsmkey.pkcs12 -name "DSM"

Copied Files to Server

Cert.pem Dsmkey.pkcs12

This did not work for me.  We've tried every combination of certificates and formats without luck.

stantiques
1 Copper

RE: Dell Storage Manager Data Collector - Registered Certificate

Unfortunately I haven't found a solution for this.  I'm assuming it's bad code on the side of Dell.  I put in a support ticket asking for the requirements for the cert and key; I have not received any feedback from Dell at all.

0 Kudos
farewelldave
1 Copper

RE: Dell Storage Manager Data Collector - Registered Certificate

I have tried every option of cert/key type and combination, and I too have not been able to get Dell Storage Manager to allow us to use a proper third-party cert.

Using .p12 as the private key (keystore) but then requiring PEM/DER for the main cert is a strange thing to me. If I can use a .p12 (PKCS12) one place, I should just be able to use that solely, and then give access password for keystore. Otherwise, you should be asking for PEM/DER cert, and PEM key. Not halfway between these two. Also, OpenSSL doesn't necessarily export/produce "proper" PKCS12 files - there are some caveats.

All that to say, I cannot get this to work no matter what I've tried, and I really wish they would just except a proper PKCS12 file, or both private/public keys in PEM format.

0 Kudos
hfeldman
1 Copper

RE: Dell Storage Manager Data Collector - Registered Certificate

Anyone get this to work yet?

0 Kudos
Highlighted
hutcha4113
2 Iron

RE: Dell Storage Manager Data Collector - Registered Certifi

Any updates to this one?  I would like to put a Certificate from our Windows CA into Dell DSM.  

0 Kudos
JCormie
1 Copper

Re: Dell Storage Manager Data Collector - Registered Certificate

Data collector version 18.1.20.114 I have the same issue. I've tried the following
openssl req -new -newkey rsa:2048 -keyout server.pem -out server.csr -days 365
(use server.csr to get server.cer as base 64 cert from windows CA)
openssl pkcs12 -export -inkey server.pem -in server.cer -out server.pkcs12 -name DSM
EDIT: Simple solution make sure the file extension of pkcs12 file is .p12
0 Kudos