Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Deploy Dell PowerFlex v3.6.x

PDF

Replace the default self-signed security certificate with your own trusted certificate

Create your own trusted certificate, and then replace the default certificate with the one that you created.

Steps

  1. Find the location of keytool on your server, and open it.
    It is a part of the Java (JRE or JDK) installation on your server, in the bin directory. For example:
    • C:\Program Files\Java\jdk1.8.0_XX\bin\keytool.exe
    • /usr/bin/keytool
  2. Generate your RSA private key:
    keytool -genkey -alias <YOUR_ALIAS> -keyalg RSA -keystore <PATH_TO_NEW_KEYSTORE_FILE>
    1. If you want to define a password, add the following parameters to the command. Use the same password for both parameters.
      -storepass <KEYSTORE_PASSWORD> -keypass <KEYSTORE_PASSWORD> 
      NOTE: Specify a directory outside the PowerFlex Gateway installation directory for the newly created keystore file. This will prevent it from being overwritten when the PowerFlex Gateway is upgraded or reinstalled.
  3. If you already have a Certificate Signing Request (CSR), skip this step.
    If you need a CSR, generate one by typing the following command. (If you did not define a keystore password in the previous step, omit the password flags.)
    keytool -certreq -keyalg RSA -alias <YOUR_ALIAS> -file certreq.txt -keystore <PATH_TO_NEW_KEYSTORE_FILE> -storepass <KEYSTORE_PASSWORD> -keypass <KEYSTORE_PASSWORD>
  4. If you already have an SSL certificate, skip this step.
    If you need an SSL certificate, use your CSR to obtain a new certificate from a third-party trusted SSL certificate provider. Save the certificate file on your server, outside the PowerFlex Gateway installation directory.
  5. Import the Trusted Root, by typing this command. (If you did not define a keystore password, omit the password flags.)
    keytool -import -alias root -keystore <PATH_TO_NEW_KEYSTORE_FILE> -trustcacerts -file <LOCATION OF_YOUR_root.cer_FILE> -storepass <KEYSTORE_PASSWORD> -keypass <KEYSTORE_PASSWORD>
    NOTE: The certificate must be in x.509 format.
    If a message appears saying that the root is already in the system-wide store, import it anyway.
  6. Import the intermediate certificates, by typing the command. (If you did not define a keystore password, omit the password flags.)
    keytool -import -alias intermediateCA -keystore <PATH_TO_NEW_KEYSTORE_FILE> -trustcacerts -file <LOCATION_OF_YOUR_intermediate.cer_FILE> -storepass <keystore password> -keypass <keystore password>

    You must provide a unique alias name for every intermediate certificate that you upload with this step.

  7. Install the SSL Certificate under the same alias that the CSR was created from (<YOUR_ALIAS> in previous steps), by typing the command (if you did not define a keystore password, omit the password flags):
    keytool -import -alias <YOUR_ALIAS> -keystore <PATH_TO_NEW_KEYSTORE_FILE> -trustcacerts -file <LOCATION_OF_SSL_CERTIFICATE> -storepass <keystore password> -keypass <keystore password>
  8. Edit the following items in the file <POWERFLEX_GATEWAY_INSTALLATION DIRECTORY>\conf\catalina.properties:
    1. keystore.file=<PATH_TO_NEW_KEYSTORE_FILE>
    2. keystore.password=<PASSWORD_DEFINED_DURING_KEYSTORE_CREATION>
      If you did not define a password, the default password is changeit.
  9. Restart the PowerFlex Gateway service:
    • Windows: From the Windows Services window, restart the EMC ScaleIO Gateway.
    • Linux: Type the following command:
      service scaleio-gateway restart
    Replacement of the security certificate is complete.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\