SSL certificates

Use this page to view, import, or delete SSL certificates to support connection to a Storage Authentication Service server from an IBM® TS7700 Cluster. Installing SSL certificates also makes it possible to support direct connections to LDAP servers (from R3.0 or later). Starting from R3.3, this page also allows the user to replace the MI HTTPS SSL certificate with a custom one.

If a Primary or Alternate server URL defined by the Storage Authentication Service policy uses the https protocol, a certificate for that address must be defined on this page. The same is true for Direct LDAP policies, if the Primary or Alternate server uses LDAPS. If the policy uses LDAP, then a certificate is not required.

The Certificates table displays identifying information for SSL certificates on the cluster. Information that is shown includes the following:
Alias
A unique name to identify the certificate on the machine.
Issued To
The distinguished name of the entity that is requesting the certificate.
Fingerprint
A number that specifies the Secure Hash Algorithm (SHA hash) of the certificate. This number can be used to verify the hash for the certificate at another location, such as the client side of a connection.
Expiration
The expiration date of the signer certificate for validation purposes.
Issued By
The issuer of the certificate.
Type
Shows whether the certificate is a trusted certificate that is installed from a remote server, or https, which marks the only certificate that is used in https connections to the MI.
To import a new SSL certificate, select New Certificate from the top of the table, which displays a wizard dialog.
  • To retrieve a certificate from the server, select Retrieve certificate from server and click Next. Enter the host and port from which the certificate is retrieved and click Next. The certificate information is retrieved, and in that panel the user must set a unique alias. To import the certificate, select Finish. To abandon the operation and close the dialog, click Cancel. The user can also go back to the Retrieve Signer Information panel.
  • To upload a certificate, select Upload a certificate file and click Next. Click the Upload button, select a valid certificate file, and click Next. Verify that the certificate information (serial number, issued to, issued by, fingerprint, expiration) is displayed on the wizard. Fill the alias field with valid characters. When the Finish button is enabled, click Finish. Verify that the trusted certificate was successfully added in the SSL Certificates table. To abandon the operation and close the dialog, click Cancel. The user can also go back to the Retrieve Signer Information panel.
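
The Fingerprint column and the fingerprint shown in the import wizard can be checked against a copy of the certificate held at the other end of the connection before the certificate is trusted. The following Python sketch is an added example, not IBM code: the function names are hypothetical, the hash algorithm is inferred from the length of the displayed value (the page only says "SHA hash"), and the sample certificate is constructed placeholder data.

```python
import hashlib
import hmac
import ssl

# Hex length of the displayed value -> hash name (assumption: the page
# does not say which SHA variant the Fingerprint column uses).
_ALGS = {40: "sha1", 64: "sha256", 96: "sha384", 128: "sha512"}


def normalize(fingerprint: str) -> str:
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    hexstr = "".join(c for c in fingerprint if c not in ": -\t").lower()
    if len(hexstr) not in _ALGS or any(c not in "0123456789abcdef" for c in hexstr):
        raise ValueError("not a SHA-1/SHA-2 fingerprint: %r" % fingerprint)
    return hexstr


def fingerprint_matches(pem_cert: str, displayed: str) -> bool:
    """Hash the DER encoding of pem_cert and compare with the displayed value."""
    expected = normalize(displayed)
    der = ssl.PEM_cert_to_DER_cert(pem_cert)  # fingerprints cover the DER bytes
    actual = hashlib.new(_ALGS[len(expected)], der).hexdigest()
    return hmac.compare_digest(actual, expected)


def fetch_pem(host: str, port: int) -> str:
    """Fetch the certificate a server presents (needs network; not called here)."""
    return ssl.get_server_certificate((host, port))


# Constructed sample: a PEM wrapper around placeholder bytes, not a real
# certificate, with its fingerprint formatted the way many UIs display it.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder certificate bytes")
_digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(SAMPLE_PEM)).hexdigest().upper()
SAMPLE_DISPLAYED = ":".join(_digest[i:i + 2] for i in range(0, 64, 2))

if __name__ == "__main__":
    ok = fingerprint_matches(SAMPLE_PEM, SAMPLE_DISPLAYED)
    print("fingerprint matches" if ok else "MISMATCH: do not import")
```

In practice, pass the PEM file exported from the authentication or LDAPS server, or the output of `fetch_pem`, together with the fingerprint copied from the wizard or the Certificates table.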

To delete an existing SSL certificate, select the radio button next to the certificate you want to delete. Then, select Delete from the Select Action drop-down menu and click Go. A confirmation dialog page opens to confirm your decision to delete the SSL certificate. Click Yes to delete the certificate and close the dialog. Click No to abandon the delete operation and close the dialog. The delete operation applies only to trusted certificates.

The Replace option in the actions button allows the user to upload a new certificate and its private key to replace the HTTPS certificate. This operation applies only to HTTPS type certificates.