Data Domain: Managing Host Certificates for HTTP and HTTPS

Résumé: Host certificates allow browsers and applications to verify the identity of a Data Domain system when establishing secure management sessions. HTTPS is enabled by default. The system can use either a self-signed certificate or an imported certificate from a trusted Certificate Authority (CA). This article explains how to check, generate, request, import, and delete certificates for HTTP/HTTPS on Data Domain systems. ...

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Instructions

Certificates may expire or become invalid. If no certificate is imported, the system uses a self-signed certificate, which browsers or integrated applications may not trust.

1. Check Existing Certificates.

On the Data Domain (DD-CLI), run the following command to view installed certificates:

adminaccess certificate show

If certificates are expired or nearing expiration:

  • If self-signed, regenerate using DD-CLI
  • If imported, follow the CSR and import steps below.

    2. Generate Self-Signed Certificates.

    To regenerate the HTTPS certificate:

    adminaccess certificate generate self-signed-cert

    To regenerate HTTPS and trusted CA certificates:

    adminaccess certificate generate self-signed-cert regenerate-ca

    3. Generate a Certificate Signing Request (CSR)

    Use DD System Manager:

    1. Set a passphrase, if not done already:
    system passphrase set
    1. Go to Administration > Access > Administrator Access.
    2. Select HTTPS > Configure > Certificate tab > Add.
    3. Click Generate the CSR for this Data Domain system.
    4. Complete the CSR form and download the file from:
    /ddvar/certificates/CertificateSigningRequest.csr

    CLI Alternative Example:

    adminaccess certificate cert-signing-request generate key-strength 2048bit country "CN" state "Shanghai" city "Shanghai" org-name "Dell EMC" org-unit "Dell EMC" common-name "ddve1.example.com" subject-alt-name "DNS:ddve1.example.com, DNS:ddve1"

    4. Import Signed Certificate

    Use DD System Manager:
    1. Select Administration > Access > Administrator Access
    2. In the Services area, select HTTPS and click Configure
    3. Select the Certificate tab
    4. Click Add. An Upload dialog appears:
    • For .p12 file:
      • Select Upload certificate as .p12 file, enter password, browse, and upload.
      • Example for .p12 selection:
    Upload certificate as.p12 file
    • For .pem file:
      • Select Upload public key as .pem file and use generated private key, browse, and upload.
    DD CLI alternative: Refer to article Data Domain: How to Generate a Certificate Signing Request and Use Externally Signed Certificates

    5. Delete Existing Certificate.

    Before adding a new certificate, delete the current certificate:

    1. Go to Administration > Access > Administrator Access > HTTPS > Configure > Certificate tab.
    2. Select certificate and click Delete.

    6. CSR Validation

    Validate CSR using Windows Command Prompt:

    certutil -dump <CSR file path>

    Informations supplémentaires

    • Private and public keys must be 2048 bits.
    • DDOS only supports an active CSR and a signed certificate for HTTPS at a time.

    Reference: Deployment KB: Data Domain: How to use externally signed certificates

    Produits concernés

    Data Domain
    Propriétés de l’article
    Numéro d’article: 000205198
    Type d’article: How To
    Dernière modification: 08 Jun 2026
    Version:  8
    Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
    Services de support
    Vérifiez si votre appareil est couvert par les services de support.