A quick blog post showing how to replace the Unity self-signed SSL certificate with a certificate issued by a trusted Windows CA.
1. Create a private key on the SP.
service@unknown spa:~/user#
openssl genrsa -des3 -out unitycert.key -passout pass:emcemc
Generating RSA private key, 2048 bit long modulus
......................+++
.................................................+++
e is 65537 (0x10001)
2. Remove the passphrase from the key on the SP.
CAUTION: This step is important. If the passphrase is not removed from the key, the SP panics when the web server tries to load it.
service@unknown spa:~/user#
openssl rsa -in unitycert.key -passin pass:emcemc -out unitycert.pk
writing RSA key
3. Generate the CSR on the SP.
service@unknown spa:~/user#
openssl req -new -sha256 -key unitycert.pk -out unitycert.csr -days 1825 -subj '/C=GB/ST=London/L=Kilburn/O=Ceat/CN=10.0.0.50'
Here the subject is -subj '/C=Country/ST=State/L=Location/O=CustomerName/CN=IP or FQDN of the Unity'; the CN must be the name or address clients will use to reach the Unity, otherwise browsers will still warn.
4. Use the cat command to view the contents of unitycert.csr.
service@unknown spa:~/user# cat unitycert.csr
-----BEGIN CERTIFICATE REQUEST-----
MIICljCCAX4CAQAwUTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1BMREwDwYDVQQH
DAhTYXJhc290YTEPMA0GA1UECgwGTXlDdXN0MREwDwYDVQQDDAgxMC4wLjAuMTCC
-----END CERTIFICATE REQUEST-----
5. Open the CA web enrollment page and click Request a certificate.
6. Select Advanced certificate request.
7. Paste the output of unitycert.csr into the request field and choose the Web Server template.
8. Select Base 64 encoded, click Download certificate, and save the file exactly as unitycert.crt.
9. Using WinSCP, copy the signed unitycert.crt back to the Unity SP, so that the SP now holds four files: unitycert.key, unitycert.pk, unitycert.csr and unitycert.crt.
Replacing the Certificate on Unity
After the signed certificate is received from the CA server, upload it to the SP and save it as unitycert.crt (matching unitycert.pk). The part of each filename before the extension must be identical across the files; that shared base name is the argument passed to the svc_custom_cert command, as in the example below.
10. Finally, run svc_custom_cert with that base name. The command installs the certificate and restarts the web server; after a few minutes the Unity management URL is served with the CA-signed certificate.
service@unknown spa:~/user# svc_custom_cert unitycert
Successfully installed custom certificate files.
Restarting web server …
Sun May 22 05:37:48 2016:7645\0x7f44ba3e27c0:32:Module CIC/1.1.10.6 loaded
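The three key/CSR steps above, followed by the checks worth running before the CSR goes to the CA and before svc_custom_cert is run, as an added example that is not part of the original post. It assumes openssl is on the PATH; the file base name, passphrase and subject are the post's own values (the passphrase is a throwaway, the subject a constructed sample).

```shell
#!/bin/sh
# Added example, not from the original post: runs steps 1-3 and then the
# checks worth doing before anything goes to the CA or to svc_custom_cert.
# Assumes openssl is on PATH. NAME, PASS and SUBJ are the post's values;
# the passphrase is a throwaway and the subject a constructed sample.
set -eu

NAME=unitycert
PASS=emcemc
SUBJ='/C=GB/ST=London/L=Kilburn/O=Ceat/CN=10.0.0.50'

make_key_and_csr() {
    # Step 1: passphrase-protected private key (2048-bit, as in the post)
    openssl genrsa -des3 -out "$NAME.key" -passout "pass:$PASS" 2048 2>/dev/null
    # Step 2: strip the passphrase; the SP cannot prompt for it at boot
    openssl rsa -in "$NAME.key" -passin "pass:$PASS" -out "$NAME.pk" 2>/dev/null
    # Step 3: the CSR. -days is left out on purpose: openssl req ignores it
    # unless -x509 is given; the CA template decides the validity period.
    openssl req -new -sha256 -key "$NAME.pk" -out "$NAME.csr" -subj "$SUBJ"
}

# Check 1: the .pk really is unencrypted (OpenSSL 1.x writes "Proc-Type:
# 4,ENCRYPTED", OpenSSL 3 writes "BEGIN ENCRYPTED PRIVATE KEY"; both match).
key_is_unencrypted() {
    ! grep -q ENCRYPTED "$NAME.pk"
}

# Check 2: the CSR was made from the passphrase-free key (same RSA modulus).
csr_matches_key() {
    [ "$(openssl rsa -in "$NAME.pk" -noout -modulus)" = \
      "$(openssl req -in "$NAME.csr" -noout -modulus)" ]
}

# Check 3: the CN that clients will connect to, read back from the CSR.
csr_cn() {
    openssl req -in "$NAME.csr" -noout -subject | sed -n 's/.*CN *= *//p'
}

# Check 4, after the CA returns $NAME.crt: the certificate belongs to this
# key; otherwise svc_custom_cert would install a cert/key pair that cannot
# complete a TLS handshake.
crt_matches_key() {
    [ "$(openssl rsa -in "$NAME.pk" -noout -modulus)" = \
      "$(openssl x509 -in "$NAME.crt" -noout -modulus)" ]
}
```

Run make_key_and_csr in an empty directory on the SP, then the checks; copy unitycert.csr to the CA only once checks 1-3 pass, and run check 4 on the downloaded unitycert.crt before step 10.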