PowerStore: Reverting Third-Party Management Certificate to Self-Signed

Note: For clusters with a remote system object, run a Verify and Update process before starting. If the Verify and Update fails, resolve that before proceeding with the certificate replacement.

Open a PSTCLI connection to PowerStore. Do this from the service shell on the appliance or from a workstation with the PSTCLI plug-in installed and connected to the management network. Use the following command:

pstcli -d <cluster management IP> -session

After entering an administrator credential the command changes your prompt to:

cli>

Run the following command to check the current certificates:

cli> x509_certificate show

The command output returns the list of current certificates on the appliance:

cli> x509_certificate show
 #  |                  id                  |         type         |     service      | is_current | is_valid
----+--------------------------------------+----------------------+------------------+------------+----------
  1 | af54dc96-a699-477a-b964-ffb4d84e867f | Server               | Management_HTTP  | no         | no      
  2 | 3126a72e-c5c6-49fd-8588-83c7fc54286c | Server               | Management_HTTP  | yes        | yes     
  3 | 206c6ac1-9894-44e7-8ce7-a79e40a01530 | Server               | Management_HTTP  | yes        | yes     
  4 | 4e8d100e-e0b6-41f6-8b12-b363ae79c748 | CA_Client_Validation | Replication_HTTP | yes        | yes     
  5 | e1451f9f-dad9-41be-8871-22eb8eda98b2 | CA_Server_Validation | Replication_HTTP | yes        | yes     
  6 | c968584b-1cba-486e-bdd4-b243585081bd | Server               | VASA_HTTP        | yes        | yes     
  7 | 6fc8118c-7d82-4ab2-8868-943cc83afc77 | CA_Server_Validation | Replication_HTTP | yes        | yes     
  8 | 00cb3262-c631-4f7b-9a76-13e4e29d09d2 | CA_Client_Validation | Replication_HTTP | yes        | yes     
  9 | 21999f77-cd1d-46d3-8b07-10d0431abf7c | CA_Server_Validation | Import_HTTP      | yes        | yes     
 10 | e19110de-f58c-4558-b51a-78feca86f166 | Client               | Replication_HTTP | yes        | yes 

Next, run the following command to replace the management certificate:

cli> x509_certificate reset_certificates -service Management_HTTP -scope External

This reverts your certificate from the third-party certificate to a self-signed. Running the show command again shows different certificate IDs for the management_HTTP certificates that were current and valid:

cli> x509_certificate show
 #  |                  id                  |         type         |     service      | is_current | is_valid
----+--------------------------------------+----------------------+------------------+------------+----------
  1 | af54dc96-a699-477a-b964-ffb4d84e867f | Server               | Management_HTTP  | no         | no      
  2 | 48929a4d-c8eb-41ab-b0f6-e39157742e05 | Server               | Management_HTTP  | yes        | yes     
  3 | fa474287-9035-404d-a007-fa971e62ce43 | Server               | Management_HTTP  | yes        | yes      
  4 | 4e8d100e-e0b6-41f6-8b12-b363ae79c748 | CA_Client_Validation | Replication_HTTP | yes        | yes     
  5 | e1451f9f-dad9-41be-8871-22eb8eda98b2 | CA_Server_Validation | Replication_HTTP | yes        | yes     
  6 | c968584b-1cba-486e-bdd4-b243585081bd | Server               | VASA_HTTP        | yes        | yes     
  7 | 6fc8118c-7d82-4ab2-8868-943cc83afc77 | CA_Server_Validation | Replication_HTTP | yes        | yes     
  8 | 00cb3262-c631-4f7b-9a76-13e4e29d09d2 | CA_Client_Validation | Replication_HTTP | yes        | yes     
  9 | 21999f77-cd1d-46d3-8b07-10d0431abf7c | CA_Server_Validation | Import_HTTP      | yes        | yes     
 10 | e19110de-f58c-4558-b51a-78feca86f166 | Client               | Replication_HTTP | yes        | yes     
 

Contact Dell Technical support with any questions or issues using this process.