Acquiring a self-signed certificate, Creating a signed and trusted certificate, Uploading the signed certificate to the svp – HP XP RAID Manager Software User Manual

Figure 3 Creating a public key

Acquiring a self-signed certificate

To acquire a self-signed certificate, open the command prompt and execute the following command

C:\openssl> openssl x509 -req -sha256 -days 10000 -in server.csr -signkey server.key -out server.crt

This command uses SHA-256 as a hush algorithm. MD5 or SHA-1 is not recommended for a hush
algorithm due to its low security level.

This creates a server.crt file in the openssl folder, which is valid for 10,000 days. This is
the signed private key, which is also referred to as a self-signed certificate.

Creating a signed and trusted certificate

If you want to create a signed and trusted certificate, you need to create a certificate signing
request (CSR), send that file to a Certificate Authority (CA), and request that the CA issue a signed
and trusted certificate. Each certificate authority has its own procedures and requirements, and
there is generally a cost for doing so. The signed and trusted certificate is the signed public key.

Uploading the signed certificate to the SVP

To use SSL-encrypted communication, you must update and upload the private key and the signed
Server Certificate (public key) to the web server (SVP).

Procedure 5 To update and upload both the private key and the signed Server Certificate (public
key) to the web server (SVP):

1.

Log off from all Remote Web Console web client sessions on the SVP.

2.

In the web browser of your Remote Web Console computer, specify the following URL:

http://IP-address-or-host-name-of-SVP/cgi-bin/utility/toolpanel.cgi

3.

In the Tool Panel dialog box, click Update Certificate Files. If the SSL encrypted communications
is set up and the Security Alert dialog box appears, click OK. The Security Alert dialog box
for the certificate may also appear. In this case, click View Certificate, confirm the certificate
is correct, and then click Yes.

4.

Enter the user ID and password for the administrator, then click Login. The upload dialog box
for Update Certificate Files appears.

5.

Enter both the public key certificate file name in the Certificate file (.crt file) box and the private
Key file (.key file) box. You can enter the file names directly or by clicking Browse.

6.

Click Upload on the upload dialog box of Update Certificate Files. The execution of Update
Certificate Files confirmation dialog box appears.

7.

Click OK to begin the certificate update. Once complete, the web server restarts and a dialog
box appears.

It may take 30 or 60 minutes for the web server to restart. In this case, the Update Certificate
Files Completion dialog box does not appear and an internal server error occurs, but the
setting is actually completed.

Setting up SSL encryption

15