PowerStore Alerts: Single Sign-On (SSO) certificate renewal alerts
Summary: For Single Sign-On (SSO), PowerStore uses Certificate Authority (CA) certificates to authenticate and validate TLS connections with the external Identity Provider (IDP) server. Certificates are valid for specific periods, usually one year or longer. When a certificate expires, SSO may stop working. To prevent SSO impact, certificate expiration is monitored and alerts are raised to give the user time to obtain and install a new CA certificate before the old certificate expires. ...
Symptoms
Alerts are generated when PowerStore determines that the CA certificate used by the SSO OIDC_HTTP service will expire soon.
The alerts generated:
Minor alert when the certificate will expire in 30 days and a new certificate has not been imported (0x02800201, CERTIFICATE_RENEWAL_EXPIRING_L3)
Major alert when the certificate will expire in 15 days and a new certificate has not been imported (0x02800202, CERTIFICATE_RENEWAL_EXPIRING_L2)
Critical alert when the certificate will expire in 7 days and a new certificate has not been imported (0x02800203, CERTIFICATE_RENEWAL_EXPIRING_L1)
Critical alert when the certificate has expired and a new certificate has not been imported (0x02800204, CERTIFICATE_RENEWAL_EXPIRED)
Cause
Certificates are valid for specific periods, usually one year or longer. When a certificate expires, the associated service may stop working or run in a degraded mode.
Resolution
The following steps import a new CA certificate chain for the OIDC_HTTP service. When a new certificate is successfully uploaded, the alert(s) are automatically acknowledged and cleared.
1. Select Settings and under Security, select Authentication, then select the SSO Identity Provider tab.
2. To import a new CA certificate chain to replace the existing CA certificate that is being used by PowerStore, click Import on the left side of the screen above the Certificates table.
3. In the Import RSA SecurID Certificate slide-out panel, either select and import the certificate file or paste the certificate text (in PEM format).
4. Multiple certificates are supported, so the existing CA certificate remains in place until it expires. Once the existing CA certificate has expired and a replacement has been imported, it is deleted automatically.
To support smooth CA certificate rollover, PowerStore supports multiple CA certificate chains. To make sure the rollover goes smoothly, complete the following before the current CA certificate expires:
a. Upload the new CA certificate to PowerStore before switching the IDP server to the server certificate signed by the new CA.
b. On the IDP server, switch to the server certificate signed by the new CA.
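To check where a CA certificate stands against the alert thresholds listed under Symptoms and to plan the rollover described above, the following added example (not Dell's code) models the escalation and the automatic removal of an expired certificate once a replacement exists. Timestamps are ISO 8601 strings such as the notAfter value read from the certificate; the thresholds and alert codes are those from the article.

```python
"""Model of the PowerStore SSO (OIDC_HTTP service) CA certificate expiry alerts.

Added example, not Dell's code. Inputs are ISO 8601 timestamps (for example the
notAfter field of the CA certificate); thresholds and alert codes come from the
article's Symptoms section.
"""
from datetime import datetime, timedelta

# Ordered from most to least severe so the first matching threshold wins.
ALERT_LEVELS = [
    (7,  ("0x02800203", "CERTIFICATE_RENEWAL_EXPIRING_L1", "Critical")),
    (15, ("0x02800202", "CERTIFICATE_RENEWAL_EXPIRING_L2", "Major")),
    (30, ("0x02800201", "CERTIFICATE_RENEWAL_EXPIRING_L3", "Minor")),
]
EXPIRED = ("0x02800204", "CERTIFICATE_RENEWAL_EXPIRED", "Critical")


def alert_for(not_after, now, replacement_imported=False):
    """Alert (code, name, severity) for one CA certificate, or None."""
    if replacement_imported:
        return None  # a newer CA certificate is already on the array
    remaining = datetime.fromisoformat(not_after) - datetime.fromisoformat(now)
    if remaining <= timedelta(0):
        return EXPIRED
    for days, alert in ALERT_LEVELS:
        if remaining.days <= days:
            return alert
    return None


def alert_dates(not_after):
    """Date on which each escalation fires if no replacement is imported."""
    expiry = datetime.fromisoformat(not_after)
    return {alert[1]: (expiry - timedelta(days=d)).date().isoformat()
            for d, alert in ALERT_LEVELS}


def evaluate_chain(chain, now):
    """chain: {label: not_after}. Returns (alert, kept_labels, deleted_labels).

    Only the newest certificate can raise an alert; an expired certificate
    that has a replacement is removed automatically (step 4 of the article).
    """
    newest = max(chain, key=lambda label: chain[label])
    kept, deleted = [], []
    for label, not_after in chain.items():
        expired = alert_for(not_after, now) == EXPIRED
        (deleted if expired and label != newest else kept).append(label)
    return alert_for(chain[newest], now), kept, deleted
```

Feed it the current date and the notAfter values of the CA certificates loaded on the array to see which alert is active and by what date the replacement must be uploaded to avoid each escalation.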