I have successfully deployed Dell Storage Manager Data Collector. I am attempting to register our SSL certificate. I have created the public key and pkcs#12 with an alias. I keep getting the error certificate exception. I would like clarity on what exactly the requirements are for the pub key and pkcs#12 files. I use openssl to create the files.
We are seeing the same issue with DSM 2016 R2 [build 16.2.1228] I have tried using a wildcard and named host with the public cert in a couple different formats that listed as supported. It looks the system does not support Registered Certs.
Has anyone found a solution to this? We're experiencing this issue as well. Spent several hours on the phone with multiple Dell technicians who were equally stumped by this. They've escalated the case to higher level engineers.
In my case, I'm trying to register certificates signed by a third-party CA and we were speculating that maybe something with the CA's intermediate certificates were causing problems. However, we then tried creating simple self-signed certificates and DSM was not accepting those either.
One of the technicians provided the following steps which he said was used to solve the same issue for another customer (assumes a Windows server but I adjusted to do this all on Linux):
In OpenSSL from cmd prompt
openssl genrsa -out dsmkey.pem 2048
openssl req -key dsmkey.pem -new -out dsmcsr.req
On the CAS certreq -submit -attrib “Certificate Template:WebServer” "C:\Program Files\OpenSSL-Win64\bin\dsmcsr.req" named file cert.pem
In OpenSSL from cmd prompt
openssl pkcs12 -export -inkey "<C:\Program Files\OpenSSL-Win64\bin\dsmkey.pem>" -in cert.pem -out C:\Users\user\Desktop\dsmkey.pkcs12 -name "DSM"
Copied Files to Server
This did not work for me. We've tried every combination of certificates and formats without luck.
Unfortunately I haven't found a solution for this. I'm assuming it's bad code on the side of Dell. I put in a support ticket asking for the requirements for the cert and key; I have not received any feedback from Dell at all.
I have tried every option of cert/key type and combination, and I too have not been able to get Dell Storage Manager to allow us to use a proper third-party cert.
Using .p12 as the private key (keystore) but then requiring PEM/DER for the main cert is a strange thing to me. If I can use a .p12 (PKCS12) one place, I should just be able to use that solely, and then give access password for keystore. Otherwise, you should be asking for PEM/DER cert, and PEM key. Not halfway between these two. Also, OpenSSL doesn't necessarily export/produce "proper" PKCS12 files - there are some caveats.
All that to say, I cannot get this to work no matter what I've tried, and I really wish they would just except a proper PKCS12 file, or both private/public keys in PEM format.
openssl req -new -newkey rsa:2048 -keyout server.pem -out server.csr -days 365 (use server.csr to get server.cer as base 64 cert from windows CA) openssl pkcs12 -export -inkey server.pem -in server.cer -out server.pkcs12 -name DSMEDIT: Simple solution make sure the file extension of pkcs12 file is .p12