StoreVirtual Storage
1748149 Members
3667 Online
108758 Solutions
New Discussion юеВ

Re: StoreVirtual VSA Rest API - How to change SSL certificate for CA signed one?

 
SOLVED
Go to solution
martinco-cae
Advisor

StoreVirtual VSA Rest API - How to change SSL certificate for CA signed one?

Hello,

I've just started looking at the Rest API for StoreVirtual LHOS 12.7 on a VSA and I am having a problem the SSL certificate?

I am using the PowerShell "Invoke-RestMethod" and it is failing due to the untrusted self-signed certificate being presented by the StoreVirtual Rest API website on https port 8081.

I would like to generate a CSR and sign it with my own CA, so that it is trusted; but I cannot find any reference to doing this in the StoreVirtual LHOS 12.7 manuals.

Can anyone advise how to do this?

Many Thanks

Martin

 

5 REPLIES 5
martinco-cae
Advisor

Re: StoreVirtual VSA Rest API - How to change SSL certificate for CA signed one?

So after nearly 24 hours and 160+ views, no one from the StoreVirtual product management or engineeing teams are able/willing to offer an answer (or even a response)?

I am guessing that this key requirement may have been overlooked in the rush to make a Rest API available and that there is no way of changing the certificate without root access to the OS.

Throw me a bone, HPE... Someone must know the answer.

 

Mukesh2
Advisor
Solution

Re: StoreVirtual VSA Rest API - How to change SSL certificate for CA signed one?

Apologies for the delayed response as I was on an unexpected leave so coudln't share an update.

I can confirm that there is no normal ways to achieve this, however it can be done through a support request which will be looked at by our engineering.

As soon the request is reviewed and evaluated, they will be able to assist with it.

Kindly raise an HPE support request for assistance on this.

I am an HPE employee

Accept or Kudo

martinco-cae
Advisor

Re: StoreVirtual VSA Rest API - How to change SSL certificate for CA signed one?

Hello & thank you for getting back to me.

I apprecaite you confirming the lack of customer accessable interface to do this.

Sadly, I dont have support on this StoreVirtual VSA, as I am using it evaluation mode for development of scripts/etc.

It is very frustrating that HPE make features like the Rest API available in their products, but gives little consideration to the customer securly integrating them into their own environment.

It would be nice if, in a future release, HPE could make some the LHOS accessible via CLI/SSH to a 'non-root' user who has the necsessary rights to run openssl (or whatever procedure engineering would do).

Thanks again,

Martin

 

 

 

Mukesh2
Advisor

Re: StoreVirtual VSA Rest API - How to change SSL certificate for CA signed one?

While we appreciate your feedback, please note that the request raised for API are available for VSAs with valid support.

We haven't come across any scenarios with use of promotional VSAs with Rest API yet. (this is an exception)

Having said that the suggestion has been passed on to engineering, however there are minimal chances of any improvement in future considering the life of this product.

 

 

I am an HPE employee

Accept or Kudo

martinco-cae
Advisor

Re: StoreVirtual VSA Rest API - How to change SSL certificate for CA signed one?

Hello Mukesh2,

I apprecaite that the EOL is slated for the VSA and that any enhancement is unlikley, but please consider things like this in future products.

If you offer a https/ssl interface (Web GUI, Rest API, etc.) to interact with your product on any level, your customers should be able to create a CSR with their own settings and apply a signed certificate to that product/interface, without getting the vendor support involved.

I use the VSA (as well as other vendor virtual appliances) to test my PowerShell / RestAPI scripts. There is no way I could purchase ┬г10000's of kit for script testing when there is a free 30 day eval available! I apprecaite there are sometimes differences between virtual and physical products, but in the main the core functionality is identical.

It dosent surprise me that this is an exception; most people blindly accept (or ignore) self-signed certificates as it makes life easier.  #sheep

All the best 

M