Procedure for replacing self-signed certificates for SMI-S

Summary: This is a procedure for replacing the self-signed certificate for the SMI-S Provider. An addendum covers embedded instances of SMI-S and the additional restrictions that apply to them. ...


Instructions

  1. Re-create the self-signed certificate with your details.
    1. Connect to:
      1. https://<IP_of_instance>:5989/ECOMConfig
      2. Login
      3. Default Credentials:
        1. Username: Admin
        2. Password: #1Password
    2. Go to SSL Certificate Management
      1. The page looks like the following:
        1. Screenshot of ECOM GUI
      2. To rebuild the certificate with your details, click "Generate a certificate signing request" in Option #1:
        1. Enter the details that you need for the certificate and click Generate.
        2. Copy the CSR details and take them to your CA to get signed.
      3. Copy the CSR details to your CA and get the certificate signed.
  2. Once signed, download the certificate chain and separate the Tomcat (server certificate), Intermediate, and Root into separate files (.cer is the standard file format).
  3. With files separated, the import process can be started.
  4. Import process
    1. On the SSL Certificate Management Page
      1. Import the Root certificate using Option #3
      2. Import the Intermediate certificate using Option #3
      3. Import the Tomcat (server certificate) using Option #1 "Import Signed Certificate"
    2. After that process is done, restart the ECOM service.
      1. In Windows, this is done using services.msc.
      2. In Linux, this is done with the systemctl command.
      3. In vApp instances, you use the vApp Manager page on 5480.
      4. For Embedded instances see Addendum 1 at the bottom.
    3. Once SMI-S is back online, confirm that the certificate shared through the browser has the same details that you entered earlier.
  5. Once SMI-S is online again, open a new tab to check if ECOM shows as secure:
    1. Browser lock shows secure connection
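
The chain-separation and import-order steps above can be scripted. The following is an added example, not Dell tooling or code from the original article: the names `split_chain`, `names` and the output file names are hypothetical. It assumes the CA returned a PEM bundle and that each issuer name byte-matches its signer's subject name; it sorts by name only and does not verify signatures.

```python
import base64, pathlib, re, sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Import slot for each role, as given in the import steps above.
OPTION = {"root": "Option #3", "intermediate": "Option #3",
          "server": 'Option #1 "Import Signed Certificate"'}

def _tlv(buf, pos):
    """Read the DER element at pos; return (tag, value start, element end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (issuer, subject) as the raw DER Name bytes of one X.509 certificate."""
    _, pos, _ = _tlv(der, 0)             # step into Certificate
    _, pos, _ = _tlv(der, pos)           # step into tbsCertificate
    fields = []
    while len(fields) < 5:               # serial, sigAlg, issuer, validity, subject
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:                  # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def split_chain(pem_text, outdir):
    """Write one .cer per certificate; return [(role, path, option)] in import order."""
    blocks = list(PEM_RE.finditer(pem_text))
    pairs = [names(base64.b64decode("".join(m.group(1).split()))) for m in blocks]
    signers = {i for i, s in pairs if i != s}    # names that issued another certificate
    plan, seen = [], {}
    for m, (issuer, subject) in zip(blocks, pairs):
        # Raw name comparison only: signatures are NOT verified here.
        role = ("root" if issuer == subject else
                "intermediate" if subject in signers else "server")
        seen[role] = seen.get(role, 0) + 1
        path = pathlib.Path(outdir) / f"{role}-{seen[role]}.cer"
        path.write_text(m.group(0) + "\n")       # keep the CA's own PEM text
        plan.append((role, str(path), OPTION[role]))
    order = ["root", "intermediate", "server"]   # roots first, server certificate last
    return sorted(plan, key=lambda p: order.index(p[0]))

if __name__ == "__main__":               # usage: python split_chain.py chain.pem outdir
    text = pathlib.Path(sys.argv[1]).read_text()
    for role, path, option in split_chain(text, sys.argv[2]):
        print(f"{role:<12} {path}  ->  {option}")
```

The printed plan lists the files in the order the import steps use them, each with the option it is imported through.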

Addendum 1: ECOM certificate process for Embedded instances


With embedded instances, there are two containers, MGMT-0 and MGMT-1. Each container has its own IP address to connect through; however, the IPs and ports are automatically adjusted using NAT, so both IP addresses automatically route the connection to the active container. Because of this automatic routing, only one container's SMI-S certificate can be updated at a time. Also, when you reboot the container, the services fail over to the other container, which means you must perform each step twice, once for each container.
The Active container is the side with SMASDB and SMAS running. This can be checked in the vApp Manager page login > Manage > Daemons. Each container vApp Manager page can be accessed by the specific IP and port 5480.

For a quick diagram of container use and IP NAT, see below:
Diagram of container NAT addresses
As shown, IP addresses XXX and YYY both go to container MGMT-0, as that is the active container. If a container reboot was performed on MGMT-0, then both XXX and YYY would automatically route to container MGMT-1, as that would then be the active container.
Since both MGMT-0 and MGMT-1 have their own SMI-S install, the certificates must be rebuilt on both containers, but only one at a time as only the Active container can be accessed.

The process for the SMI-S embedded instance is as follows.

  1. Create the self-signed certificate with your details and collect the CSR.
    1. Connect to:
      1. https://<IP_of_instance>:5989/ECOMConfig
      2. Login
      3. Default Credentials:
        1. Username: Admin
        2. Password: #1Password
    2. Go to SSL Certificate Management
      1. To rebuild the certificate with your details, click the "Generate a certificate signing request" in Option #1
        1. Enter in the details that you need for the certificate and click Generate
        2. Copy the CSR details and take it to your CA to get signed.
      2. Copy the CSR details to your CA and get the certificate signed
  2. Once signed, download the certificate chain and separate the Tomcat (server certificate), Intermediate, and Root into separate files (.cer is the standard file format).
  3. With files separated, the import process can be started.
  4. Import process:
    1. On the SSL Certificate Management Page
      1. Import the Root certificate using Option #3
      2. Import the Intermediate certificate using Option #3
      3. Import the Tomcat (server certificate) using Option #1 "Import Signed Certificate"
    2. After that process is done, please restart the ECOM service.
      1. For this, you must connect to the Active container. Hover over the arrow going in a circle in the top right-hand corner.
      2. Click "Restart Appliance"
  5. When SMI-S comes back online the certificate will NOT show secure, and we are now on the other container that was previously inaccessible. Please start at step 1 again.
    1. When you perform the "Restart Appliance" on the second container, the services fail back to the original container that you were working with, and you must proceed with the rest of the steps.
  6. Once SMI-S is online again, open a new tab to check if ECOM shows as secure.
    1. Browser lock indicating secure connection


 

Affected Products

SMI-S Provider
Article Properties
Article Number: 000195984
Article Type: How To
Last Modified: 13 Nov 2025
Version: 6