Unsolved
This post is more than 5 years old
3 Posts
2
8193
Dell Storage Manager Data Collector - Registered Certificate
I have successfully deployed Dell Storage Manager Data Collector. I am attempting to register our SSL certificate. I have created the public key and pkcs#12 with an alias. I keep getting the error certificate exception. I would like clarity on what exactly the requirements are for the pub key and pkcs#12 files. I use openssl to create the files.
Thank you.
nbc123
1 Message
0
December 23rd, 2016 09:00
We are seeing the same issue with DSM 2016 R2 [build 16.2.1228] I have tried using a wildcard and named host with the public cert in a couple different formats that listed as supported. It looks the system does not support Registered Certs.
stantiques
3 Posts
0
January 25th, 2017 07:00
Unfortunately I haven't found a solution for this. I'm assuming it's bad code on the side of Dell. I put in a support ticket asking for the requirements for the cert and key; I have not received any feedback from Dell at all.
bobst_its
30 Posts
1
January 25th, 2017 07:00
Has anyone found a solution to this? We're experiencing this issue as well. Spent several hours on the phone with multiple Dell technicians who were equally stumped by this. They've escalated the case to higher level engineers.
In my case, I'm trying to register certificates signed by a third-party CA and we were speculating that maybe something with the CA's intermediate certificates were causing problems. However, we then tried creating simple self-signed certificates and DSM was not accepting those either.
One of the technicians provided the following steps which he said was used to solve the same issue for another customer (assumes a Windows server but I adjusted to do this all on Linux):
In OpenSSL from cmd prompt
openssl genrsa -out dsmkey.pem 2048
openssl req -key dsmkey.pem -new -out dsmcsr.req
On the CAS certreq -submit -attrib “Certificate Template:WebServer” "C:\Program Files\OpenSSL-Win64\bin\dsmcsr.req" named file cert.pem
In OpenSSL from cmd prompt
openssl pkcs12 -export -inkey "" -in cert.pem -out C:\Users\user\Desktop\dsmkey.pkcs12 -name "DSM"
Copied Files to Server
Cert.pem Dsmkey.pkcs12
This did not work for me. We've tried every combination of certificates and formats without luck.
farewelldave
1 Message
0
February 2nd, 2017 16:00
I have tried every option of cert/key type and combination, and I too have not been able to get Dell Storage Manager to allow us to use a proper third-party cert.
Using .p12 as the private key (keystore) but then requiring PEM/DER for the main cert is a strange thing to me. If I can use a .p12 (PKCS12) one place, I should just be able to use that solely, and then give access password for keystore. Otherwise, you should be asking for PEM/DER cert, and PEM key. Not halfway between these two. Also, OpenSSL doesn't necessarily export/produce "proper" PKCS12 files - there are some caveats.
All that to say, I cannot get this to work no matter what I've tried, and I really wish they would just except a proper PKCS12 file, or both private/public keys in PEM format.
hfeldman
1 Message
0
August 24th, 2017 14:00
Anyone get this to work yet?
hutcha4113
49 Posts
0
January 15th, 2019 06:00
Any updates to this one? I would like to put a Certificate from our Windows CA into Dell DSM.
JCormie
2 Posts
0
June 28th, 2019 08:00
martinco-cae
5 Posts
2
July 8th, 2020 07:00
I got it working this way...
Dell DSM SSL Cert from Windows Enterprise Certificate Authority
PRE REQ: Install the latest version of OpenSSL from https://slproweb.com/products/Win32OpenSSL.html (I tested with v1.1.0j)
1. Open a Windows Command Prompt
2. Create/Change to an new directory with just the following DellDSM.cfg file - edit the alt_names & req_distinguished_name sections as required:
## - DellDSM.cfg
[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = mc-ddsm-v-201.momusconsulting.com
DNS.2 = mc-ddsm-v-201
IP.1 = 10.1.1.90
[ req_distinguished_name ]
countryName = GB
stateOrProvinceName = Hampshire
localityName = Basingstoke
0.organizationName = Momus Consulting
organizationalUnitName = Momus Labs
commonName = mc-ddsm-v-201.momusconsulting.com
##
3. Create the CSR and Private Key Files:
openssl.exe req -new -nodes -out DellDSM.csr -keyout DellDSM-orig.key -config DellDSM.cfg
4. Convert the Private Key File to the correct RSA format:
openssl.exe rsa -in DellDSM-orig.key -out DellDSM.key
5. Provide the DellDSM.csr file to your Windows Enterprise Certificate Authority (Root CA or Inter/Sub CA), use the Web Server template (The default template is a 2 year certificate, create a 5 year template if you wish) and save the signed certificate as a Base64 Certificate (NOT a chain). Call this file DellDSM.cer
6. Create a pkcs12 .p12 File:
openssl.exe pkcs12 -export -in DellDSM.cer -inkey DellDSM.key -name "DellDSM" -passout pass:DellDSM -out DellDSM.p12
7. Login to Dell DSM (Unisphere Central for SC Series) - I am using the DSM Virtual Appliance (VA 19.1.20.30).
8. Navigate to Data Collector | General Tab | Security Tab | Registered Certificate | Edit
Public Key (X.509 - DER, PEM) = DellDSM.cer
Private Key (PKCS#12) = DellDSM.p12
Alias = DellDSM
Password = DellDSM
9. Hit OK. Wait a minute or two, close the browser and re-open the Dell DSM logon page.
10. Certificate should have changed/be valid.
tld212s
11 Posts
1
January 6th, 2021 11:00
This was perfect for us. Thanks!!!!
SlyBjorn
1 Message
1
February 3rd, 2021 08:00
@martinco-cae
Thank you so much,
that is perfectly working for me!