PowerFlex 3.x: How to replace a LIA certificate with a CA-signed certificate

Summary: The PowerFlex Installation Manager (IM) establishes a TLS-encrypted connection to LIA. By default, LIA generates a self-signed certificate with no user intervention. This procedure describes how to replace an LIA certificate with a Certification Authority (CA) signed one. ...


Instructions

Steps:

1. Submit the LIA Certificate Signing Request (CSR) to the CA for signing.
A CSR is created automatically when the default LIA self-signed certificate is generated.
The CSR, lia_certificate.csr, can be found in the cfg directory, under the LIA installation directory.
The CA is expected to return the following:
The signed LIA certificate.
The CA certificate chain required to trust the signed LIA certificate.


2. Add all CA certificates in the chain to the IM truststore, using Keytool.
For more information, see the "Configure and Customize Dell PowerFlex" guide.

3. Save the LIA encrypted private key from cfg/lia_certificate.pem.
The file is replaced at a later step.
The key is the Base64-encoded data between the BEGIN ENCRYPTED PRIVATE KEY and END ENCRYPTED PRIVATE KEY lines, inclusive.

For example:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI5SSCAPDASwACAggA
MBQGCCqGSIb3DQMHBAiTWbqjhbc9QwSCBMhbTlJ3J+vBhRCsqkOkGdGcEV421hNr
Xe2qZ7D4z6xOdX+NM1bU+ZDzMcbG62wZKKuL2dbK2pPda1m4VgaahODearzIQoS4
(…)
-----END ENCRYPTED PRIVATE KEY-----



4. Append the LIA encrypted private key to the file containing the CA-signed certificate.
The file is expected to include both the encrypted private key and CA-signed certificate, in PEM format.

For example:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI5SSCAPDASwACAggA
MBQGCCqGSIb3DQMHBAiTWbqjhbc9QwSCBMhbTlJ3J+vBhRCsqkOkGdGcEV421hNr
Xe2qZ7D4z6xOdX+NM1bU+ZDzMcbG62wZKKuL2dbK2pPda1m4VgaahODearzIQoS4
(…)
-----END ENCRYPTED PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
MIIFrDCCA5SgAwIBAgIBDDANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJBVTET
MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
dHkgTHRkMREwDwYDVQQLDAhJbnRlciBDQTENMAsGA1UEAwwEYmlsbDAeFw0yMTAx
(…)
-----END CERTIFICATE-----



5. Place the file with the CA-signed certificate and key as cfg/lia_certificate.pem. Replace the existing file.

6. Restart the LIA process.
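
The following shell function is an added example, not part of the Dell article or of PowerFlex tooling. It carries out steps 3 to 5: it extracts the encrypted key block from the existing file, checks that the file returned by the CA holds one certificate and no key, and writes the combined PEM with owner-only permissions. The file paths are arguments supplied by the caller, and the single-certificate check is an assumption based on the step 4 example.

```shell
#!/bin/sh
# Added example: assemble the combined PEM from steps 3-5.
# All three paths are supplied by the caller; the file names in the usage
# line are placeholders, not paths taken from the article.

# Print how many PEM blocks with the given label a file contains.
count_blocks() {
    grep -c -- "^-----BEGIN $2-----" "$1" || true
}

# build_lia_pem OLD_PEM SIGNED_CERT OUT_PEM
build_lia_pem() {
    old_pem=$1; signed=$2; out=$3
    key='ENCRYPTED PRIVATE KEY'
    [ -r "$old_pem" ] && [ -r "$signed" ] || { echo "cannot read input" >&2; return 2; }
    # Step 3: the existing file must hold exactly one encrypted key.
    [ "$(count_blocks "$old_pem" "$key")" -eq 1 ] ||
        { echo "expected one encrypted key in $old_pem" >&2; return 3; }
    # The CA returns a certificate only; a key in that file means a mix-up.
    if grep -q -- 'PRIVATE KEY-----' "$signed"; then
        echo "$signed already contains a private key" >&2; return 4
    fi
    # Assumption: one certificate, matching the layout in the step 4 example.
    [ "$(count_blocks "$signed" CERTIFICATE)" -eq 1 ] ||
        { echo "expected one certificate in $signed" >&2; return 5; }
    (
        umask 077                 # key material: owner-only permissions
        tmp="$out.tmp.$$"
        {
            # Step 4: key block first, then the CA-signed certificate.
            sed -n "/^-----BEGIN $key-----/,/^-----END $key-----/p" "$old_pem"
            echo
            sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$signed"
        } > "$tmp" && mv "$tmp" "$out"   # output appears only once complete
    )
}

# Usage: sh build_lia_pem.sh old_lia_certificate.pem signed_cert.pem new.pem
if [ "$#" -eq 3 ]; then
    build_lia_pem "$@"
fi
```

Write the result to a separate path first and inspect it, then place it as cfg/lia_certificate.pem and restart LIA as in steps 5 and 6.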

Affected Products

ScaleIO, PowerFlex Software, VxFlex Product Family, VxFlex Ready Node, ScaleIO Ready Node-PowerEdge 13G, Ready Node Series
Article Properties
Article Number: 000183082
Article Type: How To
Last Modified: 29 Apr 2025
Version: 3