Article Number: 000125477
How to Create a Domain or Third-Party Certificate for Dell Data Security / Dell Data Protection Server
Summary: A certificate may be created for a Dell Data Security / Dell Data Protection server using these instructions.
Article Content
Symptoms
A Dell Data Security (formerly Dell Data Protection) server may use a certificate that is provided by a third-party or internal certificate authority (CA).
Affected Products:
Dell Security Management Server
Dell Security Management Server Virtual
Dell Data Protection | Enterprise Edition
Dell Data Protection | Virtual Edition
Affected Versions:
v8.0.0 to Later
Cause
Not applicable.
Resolution
To use a CA certificate, Dell Data Security server requires:
- A certificate signing request (CSR) to be submitted to the CA.
- A CA signed certificate (.cer) and private key to be converted to a Personal Information Exchange Format (PFX).
Click the appropriate action for more information.
To create a CSR:
- Right-click the Windows Start menu and then click Run.
- In the Run UI, type MMC and then press OK.
- From the Microsoft Management Console, select File, and then Add/Remove Snap-in.
- Select Certificates and then click Add.
- Select Computer account and then click Next.
- With Local computer selected, click Finish.
- Click OK.
- In Console Root, expand Certificates.
- Right-click Personal, select All Tasks, Advanced Operations, and then click Create Custom Request.
- Click Next.
- Under Custom Request, select Proceed without enrollment policy and then click Next.
- From the Custom request menu:
- Select template: (No template) Legacy key
- Select format: PKCS #10
- Click Next.
- Expand Details and then click Properties.
- In the General tab, populate the Friendly name and Description.
- In the Subject tab:
- From subject name, populate and then Add:
- Common name (CN)
- Organization
- Locality
- State
- Country
- From alternative name, populate the Dell Data Security server DNS and then click Add.
- From subject name, populate and then Add:
- In the Private Key tab:
- Expand Cryptographic Service Provider.
- Select Microsoft RSA SChannel Cryptographic Provider.
- Expand Key options.
- Select key size: 2048.
- Check Make private key exportable.
- Click OK.
- Click Next.
- Browse to a location to save the file and then click Finish.
Note: The CSR output can now be submitted to a third-party provider or internal certificate authority (CA).
To export a .pfx:
- Bring the CA signed certificate (.cer) to the machine where the CSR originated from.
- Right-click the .cer file and then click Install Certificate.
Note: certtest.cer is an example certificate name. The certificate name may differ in your environment.
- In the Certificate Import Wizard, select Local Machine and then click Next.
- Select:
- Select Place all certificates in the following store.
- Click Browse.
- Click Personal.
- Click OK.
- Click Next.
- Click Finish.
- Click OK.
- Right-click the Windows start menu and then click Run.
- In the Run UI, type MMC and then press OK.
- From Microsoft Management Console, select File, and then Add/Remove Snap-in.
- Select Certificates and then click Add.
- Select Computer Account and then click Next.
- With Local computer selected, click Finish.
- Click OK.
Note: Ensure the root certificate of the third-party provider or internal CA is installed in trusted root certificates.
- Go to Certificates, Personal, and then Certificates.
- Right-click the imported certificate (step 5), click All Tasks, and then click Export.
- Click Next.
- With Yes, export the private key selected, click Next.
- From the Export File Format menu:
- Select Personal Information Exchange - PKCS #12 (.PFX).
- Check Include all certificates in the certification path if possible.
- Check Export all extended properties.
- Click Next.
- Enter and confirm the Password. Once populated, click Next.
- Browse to a location to save the .pfx and then click Next.
- Click Finish.
- Click OK.
- If using:
- Dell Security Management Server Virtual (Formerly Dell Data Protection | Virtual Edition), go to Step 24
- Dell Security Management Server (Formerly Dell Data Protection | Enterprise Edition), the .pfx creation process is completed.
- To successfully upload a .pfx, Dell Security Management Server Virtual requires:
- A completed .pfx
- A third-party FTP (file transfer protocol) client.
- Examples of an FTP client include (but are not limited to):
- Filezilla
- WinSCP
- FireFTP
- Examples of an FTP client include (but are not limited to):
Note:
- Dell does not endorses or support any listed third-party product. The listed clients are meant to be an example of potential products a customer can use. Contact the product’s manufacturer for information about setup, configuration, and management.
- Your FTP Client UI may differ from the below screenshot examples.
- Launch the FTP client.
- In the FTP client, Log in with an FTP user to the Dell Security Management Server Virtual.
Note: An FTP user must be created within the Dell Security Management Server. Reference How to Create an FTP User in Dell Security Management Server Virtual / Dell Data Protection Virtual Edition for more information.
- Go to
/certificates/.
- Move the .pfx from where it was saved (Step 20) to /certificates/.
- Close the FTP client.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Additional Information
Videos
Article Properties
Affected Product
Dell Encryption
Last Published Date
20 Dec 2022
Version
10
Article Type
Solution