Data Domain: Managing Host Certificates for HTTP and HTTPS

Summary: Host certificates allow browsers and applications to verify the identity of a Data Domain system when establishing secure management sessions. HTTPS is enabled by default. The system can use either a self-signed certificate or an imported certificate from a trusted Certificate Authority (CA). This article explains how to check, generate, request, import, and delete certificates for HTTP/HTTPS on Data Domain systems. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Certificates may expire or become invalid. If no certificate is imported, the system uses a self-signed certificate, which browsers or integrated applications may not trust.

1. Check Existing Certificates.

On the Data Domain (DD-CLI), run the following command to view installed certificates:

adminaccess certificate show

If certificates are expired or nearing expiration:

  • If self-signed, regenerate using DD-CLI
  • If imported, follow the CSR and import steps below.

    2. Generate Self-Signed Certificates.

    To regenerate the HTTPS certificate:

    adminaccess certificate generate self-signed-cert

    To regenerate HTTPS and trusted CA certificates:

    adminaccess certificate generate self-signed-cert regenerate-ca

    3. Generate a Certificate Signing Request (CSR)

    Use DD System Manager:

    1. Set a passphrase, if not done already:
    system passphrase set
    1. Go to Administration > Access > Administrator Access.
    2. Select HTTPS > Configure > Certificate tab > Add.
    3. Click Generate the CSR for this Data Domain system.
    4. Complete the CSR form and download the file from:
    /ddvar/certificates/CertificateSigningRequest.csr

    CLI Alternative Example:

    adminaccess certificate cert-signing-request generate key-strength 2048bit country "CN" state "Shanghai" city "Shanghai" org-name "Dell EMC" org-unit "Dell EMC" common-name "ddve1.example.com" subject-alt-name "DNS:ddve1.example.com, DNS:ddve1"

    4. Import Signed Certificate

    Use DD System Manager:
    1. Select Administration > Access > Administrator Access
    2. In the Services area, select HTTPS and click Configure
    3. Select the Certificate tab
    4. Click Add. An Upload dialog appears:
    • For .p12 file:
      • Select Upload certificate as .p12 file, enter password, browse, and upload.
      • Example for .p12 selection:
    Upload certificate as.p12 file
    • For .pem file:
      • Select Upload public key as .pem file and use generated private key, browse, and upload.
    DD CLI alternative: Refer to article Data Domain: How to Generate a Certificate Signing Request and Use Externally Signed Certificates

    5. Delete Existing Certificate.

    Before adding a new certificate, delete the current certificate:

    1. Go to Administration > Access > Administrator Access > HTTPS > Configure > Certificate tab.
    2. Select certificate and click Delete.

    6. CSR Validation

    Validate CSR using Windows Command Prompt:

    certutil -dump <CSR file path>

    Additional Information

    • Private and public keys must be 2048 bits.
    • DDOS only supports an active CSR and a signed certificate for HTTPS at a time.

    Reference: Deployment KB: Data Domain: How to use externally signed certificates

    Affected Products

    Data Domain
    Article Properties
    Article Number: 000205198
    Article Type: How To
    Last Modified: 08 Jun 2026
    Version:  8
    Find answers to your questions from other Dell users
    Support Services
    Check if your device is covered by Support Services.