Data Domain: Managing Host Certificates for HTTP and HTTPS

Riepilogo: Host certificates allow browsers and applications to verify the identity of a Data Domain system when establishing secure management sessions. HTTPS is enabled by default. The system can use either a self-signed certificate or an imported certificate from a trusted Certificate Authority (CA). This article explains how to check, generate, request, import, and delete certificates for HTTP/HTTPS on Data Domain systems. ...

Questo articolo si applica a Questo articolo non si applica a Questo articolo non è legato a un prodotto specifico. Non tutte le versioni del prodotto sono identificate in questo articolo.
Scopri le altre risorse

Istruzioni

Certificates may expire or become invalid. If no certificate is imported, the system uses a self-signed certificate, which may not be trusted by browsers or integrated applications.

1. Check Existing Certificates.

On the Data Domain (DD-CLI), run the following command to view installed certificates:

adminaccess certificate show

If certificates are expired or nearing expiration:

    • If self-signed, regenerate using DD-CLI.
    • If imported, follow the CSR and import steps below.

2. Generate Self-Signed Certificates.

To regenerate the HTTPS certificate:

adminaccess certificate generate self-signed-cert

To regenerate HTTPS and trusted CA certificates:

adminaccess certificate generate self-signed-cert regenerate-ca

3. Generate a Certificate Signing Request (CSR)

Use DD System Manager:

    1. Set a passphrase, if not done already: 
      system passphrase set
    2. Navigate to Administration > Access > Administrator Access.
    3. Select HTTPS > Configure > Certificate tab > Add.
    4. Click Generate the CSR for this Data Domain system.
    5. Complete the CSR form and download the file from: 
      /ddvar/certificates/CertificateSigningRequest.csr

CLI alternative: (Example)

adminaccess certificate cert-signing-request generate key-strength 2048bit country "CN" state "Shanghai" city "Shanghai" org-name "Dell EMC" org-unit "Dell EMC" common-name "ddve1.example.com" subject-alt-name "DNS:ddve1.example.com, DNS:ddve1"
4. Import Signed Certificate
  • Use DD System Manager:
    • Select Administration > Access > Administrator Access
    • In the Services area, select HTTPS and click Configure
    • Select the Certificate tab
    • Click Add
      An Upload dialog appears:
  • For .p12 file:
    • Select Upload certificate as .p12 file, enter password, browse, and upload.
  • For .pem file:
  • Example for .p12 selection:
    • Uploadcertificateas.p12file

5. Delete Existing Certificate.

Before adding a new certificate, delete the current one:

    • Navigate to Administration > Access > Administrator Access > HTTPS > Configure > Certificate tab.
    • Select certificate and click Delete.

6. CSR Validation

Validate CSR using Windows Command Prompt:

certutil -dump <CSR file path>
 

Informazioni aggiuntive

  • Private and public keys must be 2048 bits.
  • DDOS supports one active CSR and one signed certificate for HTTPS at a time.

Reference: Deployment KB: Data Domain: How to use externally signed certificates

 

 

Prodotti interessati

Data Domain
Proprietà dell'articolo
Numero articolo: 000205198
Tipo di articolo: How To
Ultima modifica: 27 nov 2025
Versione:  7
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.