Acquiring a signed certificate, Acquiring a self-signed certificate, Acquiring a signed and trusted certificate – HP XP7 Storage User Manual
Page 17: Uploading the signed certificate
For some fields there will be a default value.
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Kanagawa
Locality Name (eg, city) []:Odawara
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Hitachi
Organization Unit Name (eg, section) []:ITPD
Common Name (eg, YOUR name) []:192.168.0.1
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
Acquiring a signed certificate
After creating private key and public key, please acquire signed certificate file of public key. Below
are the three ways to acquire signed certificate file.
•
Create a certificate by self-signing.
•
Acquire a certificate of certificate authority which is used within your company.
•
Acquire an official certificate by requesting one from a certificate authority such as VeriSign.
When you send a request to a certificate authority, specify SVP as the host name. There will
be an extra charge.
NOTE:
HP recommend that self-signed certificates be used only for testing encrypted
communication.
Acquiring a self-signed certificate
To acquire a self-signed certificate, open the command prompt and execute the following command:
c:\key>c:\openssl\bin\openssl x509 -req -sha256 -days 10000 -in
server.csr -signkey server.key -out server.crt
NOTE:
This command uses SHA-256 as a hash algorithm. MD5 or SHA-1 is not recommended
for a hash algorithm due to its low security level.
This creates a server.crt file in the c:\key folder, which is valid for 10,000 days. This is the signed
private key, which is also referred to as a self-signed certificate.
Acquiring a signed and trusted certificate
To acquire a signed and trusted certificate, you must acquire a certificate signing request (CSR),
send that file to a Certificate Authority (CA), and request that the CA issue a signed and trusted
certificate. Each certificate authority has its own procedures and requirements, and there is generally
a cost for doing so. The signed and trusted certificate is the signed Public Key.
Uploading the signed certificate
To use SSL-encrypted communication, you must update and upload the private key and the signed
server certificate (Public Key) to the SVP.
Setting up SSL encryption
17