Enhanced Support for Console SSL Certificates in 126.96.36.199 and higher
rstacy 2700041RBM Visits (3019)
Clients have been able to configure their own SSL certificate since version 188.8.131.52. This allows administrators use certificates that have been signed by a Certificate Authority (CA) that complies with their established security standards and policies. It also assures end-users of the PureApplication console that their connections are secured and that they are connected to the actual PureApplication console.
Like in previous versions, 184.108.40.206 comes with a self-signed certificate from IBM installed by default, however IBM has introduced additional options regarding the type of SSL certificates and private keys that can be imported into PureApplication in 220.127.116.11 and higher:
The process for clients to import their own SSL certificate via the console is similar to previous releases, although the interface has been enhanced to provide support for the private key passphrase and certificate chain file. The import process is outlined in the Knowledge Center here.
The PureApplication Command Line Interface (CLI) has also been enhanced in order to support the additional certificate options. This is documented within the Knowledge Center here.
Validation of the certificate and key files has also been improved to ensure that correct files are being imported. PureApplication Events will be raised to indicate the success or failure of the import process.
CWZIP8579E New certificate content is missing from the request CWZIP8608E New private key content is missing from the request
In the event of an unexpected error that prevents the successful upload of the files, the following message will be displayed. Such an error may require investigation within the ipas.server trace logs, which can be found in the Management log collection set.
CWZIP8580E An error occurred while trying to update the SSL certificate
CWZIP8609E Certificate and private key do not match
The uploaded files are not a valid pair; Ensure that the correct server certificate and private key files are being uploaded
CWZIP8610E Passphrase is not valid for private key
The provided passphrase is incorrect for the given private key file; Ensure that the correct passphrase is provided during when initiating the import process
CWZIP8611E Certificate chain of trust cannot be verified
The given chain file was not used to sign the server certificate file and therefore the chain of trust is not valid; Ensure the correct chain file is being uploaded
CWZIP8612E Unable to apply imported console certificate
CWZIP8613I Console certificate has been successfully applied
Note: The imported SSL certificate will be persistent across future firmware upgrades of the PureApplication server.