- Notes, cautions, and warnings
- Introduction
- Linux
- Overview—deployment steps and options
- Preparation for deployment
- Download installation packages—Linux
- Deploying PowerFlex with SELinux
- Prepare server operating systems for support of large-scale systems (up to 2048 SDCs)
- Prepare the DAX devices
- Install and configure the PowerFlex Gateway
- Install PowerFlex Gateway on Linux
- Install PowerFlex Gateway on Windows
- Configure PowerFlex Gateway properties
- Advanced and optional PowerFlex Gateway tasks
- Install the PowerFlex Gateway without assigning an admin password
- Reset PowerFlex Gateway password
- Store Tomcat's keystore password in the lockbox
- PowerFlex Gateway installation with a custom Java configuration
- Install Java on SUSE 12 servers
- Certificate management for PowerFlex Gateway
- Using SSH authentication on the PowerFlex Gateway
- Preparation tasks for SLES, Oracle Linux and Ubuntu
- Prepare the CSV file
- Clean the PowerFlex VMware environment
- Deploying PowerFlex using a non-root user
- Configure the OpenStack Nova Compute service
- Deploy PowerFlex
- Installation wizard
- Customizable installation using CSV file—hyper-converged system
- Customizable installation using CSV file—two-layer system
- Log in and upload installation packages
- Upload the CSV file
- Start the customized installation
- Complete the customized installation—two-layer system backend
- Install SDC on frontend servers
- Install the PowerFlex presentation server
- SDC (scini) driver configuration for SELinux
- Add components to a PowerFlex system—Linux
- VMware ESXi
- Overview—deployment steps
- Preparation for deployment
- Deploy PowerFlex using the vSphere PowerFlex plug-in
- Manually deploy PowerFlex on ESXi servers
- Manual Deployment of VxFlex OS on ESXi Servers
- Deploying the PowerFlex storage virtual machine (SVM)
- Manually install PowerFlex components on the SVMs
- Register the vSphere PowerFlex plug-in
- Install SDC on an ESXi server using the vSphere PowerFlex plug-in
- Install the SDC on an ESXi-based server and connect it to PowerFlex using esxcli
- Manually remove a VIB file from an ESXi host
- Add components to a PowerFlex system—ESXi
- PowerFlex Installer REST API
- PowerFlex VASA
- Post-deployment tasks
Deploy Dell PowerFlex v3.6.x
Replace the default self-signed security certificate with your own trusted certificate
Create your own trusted certificate, and then replace the default certificate with the one that you created.
Steps
-
Find the location of
keytool on your server, and open it.
It is a part of the Java (JRE or JDK) installation on your server, in the bin directory. For example:
- C:\Program Files\Java\jdk1.8.0_XX\bin\keytool.exe
- /usr/bin/keytool
-
Generate your RSA private key:
keytool -genkey -alias <YOUR_ALIAS> -keyalg RSA -keystore <PATH_TO_NEW_KEYSTORE_FILE>
-
If you want to define a password, add the following parameters to the command. Use the same password for both parameters.
-storepass <KEYSTORE_PASSWORD> -keypass <KEYSTORE_PASSWORD>
NOTE: Specify a directory outside the PowerFlex Gateway installation directory for the newly created keystore file. This will prevent it from being overwritten when the PowerFlex Gateway is upgraded or reinstalled.
-
If you want to define a password, add the following parameters to the command. Use the same password for both parameters.
-
If you already have a Certificate Signing Request (CSR), skip this step.
If you need a CSR, generate one by typing the following command. (If you did not define a keystore password in the previous step, omit the password flags.)
keytool -certreq -keyalg RSA -alias <YOUR_ALIAS> -file certreq.txt -keystore <PATH_TO_NEW_KEYSTORE_FILE> -storepass <KEYSTORE_PASSWORD> -keypass <KEYSTORE_PASSWORD>
-
If you already have an SSL certificate, skip this step.
If you need an SSL certificate, use your CSR to obtain a new certificate from a third-party trusted SSL certificate provider. Save the certificate file on your server, outside the PowerFlex Gateway installation directory.
-
Import the Trusted Root, by typing this command. (If you did not define a keystore password, omit the password flags.)
keytool -import -alias root -keystore <PATH_TO_NEW_KEYSTORE_FILE> -trustcacerts -file <LOCATION OF_YOUR_root.cer_FILE> -storepass <KEYSTORE_PASSWORD> -keypass <KEYSTORE_PASSWORD>
NOTE: The certificate must be in x.509 format.If a message appears saying that the root is already in the system-wide store, import it anyway. -
Import the intermediate certificates, by typing the command. (If you did not define a keystore password, omit the password flags.)
keytool -import -alias intermediateCA -keystore <PATH_TO_NEW_KEYSTORE_FILE> -trustcacerts -file <LOCATION_OF_YOUR_intermediate.cer_FILE> -storepass <keystore password> -keypass <keystore password>
You must provide a unique alias name for every intermediate certificate that you upload with this step.
-
Install the SSL Certificate under the same alias that the CSR was created from (<YOUR_ALIAS> in previous steps), by typing the command (if you did not define a keystore password, omit the password flags):
keytool -import -alias <YOUR_ALIAS> -keystore <PATH_TO_NEW_KEYSTORE_FILE> -trustcacerts -file <LOCATION_OF_SSL_CERTIFICATE> -storepass <keystore password> -keypass <keystore password>
-
Edit the following items in the file
<POWERFLEX_GATEWAY_INSTALLATION DIRECTORY>\conf\catalina.properties:
- keystore.file=<PATH_TO_NEW_KEYSTORE_FILE>
-
keystore.password=<PASSWORD_DEFINED_DURING_KEYSTORE_CREATION>
If you did not define a password, the default password is changeit.
-
Restart the
PowerFlex Gateway service:
- Windows: From the Windows Services window, restart the EMC ScaleIO Gateway.
- Linux: Type the following command:
service scaleio-gateway restart
Replacement of the security certificate is complete.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\