HPE Community
HPE Primera Storage
1820258 Members
2946 Online
109622 Solutions
New Discussion юеВ

Primera 4.5.11

 
Scott Caryer
Frequent Advisor

тАО09-07-2023 02:26 PM - last edited on тАО09-07-2023 11:07 PM by

тАО09-07-2023 02:26 PM - last edited on тАО09-07-2023 11:07 PM by

Primera 4.5.11

I am trying to add SSL certificate to my Primera arrays. I was able to setup LDAP, and add my domain CA cert. However, I do not see where or how I create the CSR to submit to my CA for a Cert. Please advise...Thanks, Scott

0 Kudos
Reply
8 REPLIES 8
Satish04
HPE Pro

тАО09-07-2023 09:56 PM

тАО09-07-2023 09:56 PM

Re: Primera 4.5.11

Hi Scott Caryer,

Follow the below steps to generate and install the SSL certificate for HPE Primera storage:

1. Login to the HPE Primera User Interface using the IP address of the HPE Primera Storage.
2. Select "Settings" from the main menu, and click on "Array Certificates".
3. Select the "Create" (+) icon at the top right corner. Enter the required information and click on "Add".

Hope this helps.

Regards,
Satish



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Dardan
Trusted Contributor

тАО09-07-2023 10:58 PM

тАО09-07-2023 10:58 PM

Re: Primera 4.5.11

Hi Scott,

Below a step-by-step procedure: https://www.storcom.com/implementing-ca-certificates-on-primera-ui/

Hope this helps.

Dardan

___________
Hit the Kudo's button to show appreciation or mark as solution if your question was answered.
0 Kudos
Reply
Scott Caryer
Frequent Advisor

тАО09-11-2023 05:58 AM - last edited on тАО09-11-2023 11:03 PM by

тАО09-11-2023 05:58 AM - last edited on тАО09-11-2023 11:03 PM by

Re: Primera 4.5.11

@Satish04 Awesome!

Thanks Satish. Since I am getting a cert from my windows CA, what should I select for the "Array Service"? I am not familiar with the CIM, CLI, ekm-client, etc selections...

It always looks like I am forced to use a SAN as well...interesting...

I am getting the below error message regardless of which Array Certificate selection I use:

Error: unable to create CSR extension X509v3 Subject Alternative Name with value PRIM-COLO1,PRIM-COLO1.HCBOCC.AD.

Thanks in advance, Scott

0 Kudos
Reply
Scott Caryer
Frequent Advisor

тАО09-11-2023 02:05 PM

тАО09-11-2023 02:05 PM

Re: Primera 4.5.11

Hello Dardan, Thanks for the link. I get the same error message when I try it from the CLI. Oh welll....

0 Kudos
Reply
Satish04
HPE Pro

тАО09-12-2023 06:48 AM

тАО09-12-2023 06:48 AM

Re: Primera 4.5.11

Hi Scott Caryer,

The error message is saying that you are having an issue creating CSR (Certificate Signing Requests) for your HPE Primera array. There is a problem with the value you are trying to set in the X509v3 Subject Alternative Name field.
The correct Subject Alternative Name (SAN) value must be specified carefully to resolve this issue. Additional host names and IP addresses may be specified in the SAN field beyond the HPE Primary common name (CN) of the certificate.
Your SAN values in your certificate will be "PRIM-COLO1" and "PRIM-COLO1.HCBOCC.AD", and when creating the CSR, make sure that you enter these values correctly.
A certificate's "Array Service" should also match its purpose. In case you are not sure, consult the documentation for your HPE Primera array or contact HPE support for guidance.

Hope this helps.

Regards,
Satish



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Scott Caryer
Frequent Advisor

тАО09-12-2023 07:05 AM - last edited on тАО09-12-2023 11:51 PM by

тАО09-12-2023 07:05 AM - last edited on тАО09-12-2023 11:51 PM by

Re: Primera 4.5.11

@Satish04 Great feedback Satish,

It is interesting that the SAN field is actually required to have information entered. Typically, the SAN is an optional value when I generate any other HPe related certs. Regardless, I have tried adding excatly what you suggested and used a comma with no spaces. I then tried the same information with a space after the comma. I keep getting this same error message. 

I am not sure what you are indicating with your below statement: 

A certificate's "Array Service" should also match its purpose. In case you are not sure, consult the documentation for your HPE Primera array or contact HPE support for guidance. 

I am simply trying to create a signed cert against my Window Domain CA which I have done countless times. So I am not sure which option to choose under the Array Service. I did review what the names actually mean from the documentation. However, the documentation does NOT spell out which one I should use to simply sign a cert against my Windows Domain CA. 

Thanks, Scott

 

0 Kudos
Reply
Satish04
HPE Pro

тАО09-14-2023 10:53 PM

тАО09-14-2023 10:53 PM

Re: Primera 4.5.11

Hi Scott Caryer,

You have to select the WSAPI (Web Services Application programming interface) for the "Array Services".

Please refer to the below link for the same.

URL - https://support.hpe.com/hpesc/public/docDisplay?docId=a00114827en_us&docLocale=en_US&page=GUID-9C5EC999-3AE5-477B-8B79-55230626DF7B.html

Hope this helps.

Regards,
Satish



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Sunitha_Mod
Moderator

тАО09-28-2023 08:40 AM

тАО09-28-2023 08:40 AM

Re: Primera 4.5.11

Hello @Scott Caryer,

Let us know if you were able to resolve the issue.

If you have no further query and you are satisfied with the answer then kindly mark the topic as Solved so that it is helpful for all community members.



Thanks,
Sunitha G
I'm an HPE employee.
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.