Data Domain: Managing Host Certificates for HTTP and HTTPS

Yhteenveto: Host certificates allow browsers and applications to verify the identity of a Data Domain system when establishing secure management sessions. HTTPS is enabled by default. The system can use either a self-signed certificate or an imported certificate from a trusted Certificate Authority (CA). This article explains how to check, generate, request, import, and delete certificates for HTTP/HTTPS on Data Domain systems. ...

Tämä artikkeli koskee tuotetta Tämä artikkeli ei koske tuotetta Tämä artikkeli ei liity tiettyyn tuotteeseen. Tässä artikkelissa ei yksilöidä kaikkia tuoteversioita.
Tutustu muihin resursseihin

Ohjeet

Certificates may expire or become invalid. If no certificate is imported, the system uses a self-signed certificate, which browsers or integrated applications may not trust.

1. Check Existing Certificates.

On the Data Domain (DD-CLI), run the following command to view installed certificates:

adminaccess certificate show

If certificates are expired or nearing expiration:

  • If self-signed, regenerate using DD-CLI
  • If imported, follow the CSR and import steps below.

    2. Generate Self-Signed Certificates.

    To regenerate the HTTPS certificate:

    adminaccess certificate generate self-signed-cert

    To regenerate HTTPS and trusted CA certificates:

    adminaccess certificate generate self-signed-cert regenerate-ca

    3. Generate a Certificate Signing Request (CSR)

    Use DD System Manager:

    1. Set a passphrase, if not done already:
    system passphrase set
    1. Go to Administration > Access > Administrator Access.
    2. Select HTTPS > Configure > Certificate tab > Add.
    3. Click Generate the CSR for this Data Domain system.
    4. Complete the CSR form and download the file from:
    /ddvar/certificates/CertificateSigningRequest.csr

    CLI Alternative Example:

    adminaccess certificate cert-signing-request generate key-strength 2048bit country "CN" state "Shanghai" city "Shanghai" org-name "Dell EMC" org-unit "Dell EMC" common-name "ddve1.example.com" subject-alt-name "DNS:ddve1.example.com, DNS:ddve1"

    4. Import Signed Certificate

    Use DD System Manager:
    1. Select Administration > Access > Administrator Access
    2. In the Services area, select HTTPS and click Configure
    3. Select the Certificate tab
    4. Click Add. An Upload dialog appears:
    • For .p12 file:
      • Select Upload certificate as .p12 file, enter password, browse, and upload.
      • Example for .p12 selection:
    Upload certificate as.p12 file
    • For .pem file:
      • Select Upload public key as .pem file and use generated private key, browse, and upload.
    DD CLI alternative: Refer to article Data Domain: How to Generate a Certificate Signing Request and Use Externally Signed Certificates

    5. Delete Existing Certificate.

    Before adding a new certificate, delete the current certificate:

    1. Go to Administration > Access > Administrator Access > HTTPS > Configure > Certificate tab.
    2. Select certificate and click Delete.

    6. CSR Validation

    Validate CSR using Windows Command Prompt:

    certutil -dump <CSR file path>

    Lisätietoja

    • Private and public keys must be 2048 bits.
    • DDOS only supports an active CSR and a signed certificate for HTTPS at a time.

    Reference: Deployment KB: Data Domain: How to use externally signed certificates

    Tuotteet, joihin vaikutus kohdistuu

    Data Domain
    Artikkelin ominaisuudet
    Artikkelin numero: 000205198
    Artikkelin tyyppi: How To
    Viimeksi muutettu: 08 kesäk. 2026
    Versio:  8
    Etsi vastauksia kysymyksiisi muilta Dell-käyttäjiltä
    Tukipalvelut
    Tarkista, kuuluuko laitteesi tukipalveluiden piiriin.