Create Key/CSR
Overview
This function creates and exports the SSL server key and the Certificate Signing Request (CSR) that are used to acquire an SSL server certificate.
The CSR is a certificate application form that is submitted to the certification authority.
Check the necessary items for authentication beforehand.
When using the key server for SED authentication key management, a self-signed SSL certificate or an SSL server certificate is required to establish the communication between the storage system and the key server. These SSL certificates are used as trusted certificates of the storage system. When using the key management server linkage function to manage the key, register the SSL server certificate for the storage system. The registered SSL server certificate is transferred to the key server from the storage system when the key is updated. Refer to the [Update SED Authentication Key] function for details.
To register the SSL server key and the SSL server certificate in the storage system, use the [Register SSL Certificate] function.
User Privileges
Availability of Executions in the Default Role
Default role | Availability of executions |
---|---|
Monitor | |
Admin | |
StorageAdmin | |
AccountAdmin | |
SecurityAdmin | |
Maintainer | |
Refer to "User Roles and Policies" for details on the policies and roles.
Settings
Create Key/CSR Setting
Item | Description | Setting values |
---|---|---|
Key Length | Select the SSL server key length. The SSL server key length is equivalent to the encryption level. In general, the longer the key is, the higher the encryption level becomes (meaning that decrypting the encrypted data is difficult). | 1024 bit, 2048 bit (Default), 4096 bit |
Country Name | Input the country code which conforms to ISO-3166 A2 (required). (Example) Japan: JP | Alphabetic characters (upper case) (A - Z); two fixed letters |
State or Province Name | Input the prefecture where the organization is located (required). (Example) Kanagawa | Up to 63 alphabetic characters (A - Z, a - z) and spaces |
Locality Name | Input the municipality where the organization is located (required). (Example) Kawasaki | Up to 63 alphabetic characters (A - Z, a - z) and spaces |
Organization Name | Input the organization name (required). (Example) XXX LIMITED | Up to 63 alphabetic characters (A - Z, a - z), numeric characters (0 - 9), and spaces |
Organization Unit Name | Input the department/division name of the organization (required). (Example) YYYYY Division | Up to 63 alphabetic characters (A - Z, a - z), numeric characters (0 - 9), and spaces |
Common Name | Enter the main IP address or a Fully Qualified Domain Name (FQDN) of the port (an MNT port, an RMT port, or an FST (*1) port) to use with HTTPS access from Web GUI (required). There are two methods to specify the main IP address: "IPv4" and "IPv6". The following IPv6 addresses can be used: "link local address", "global address", "unique local address", or "6to4 address". Refer to "Available IPv6 Address" for details. When the current setting is displayed, the IPv6 address is displayed as an abbreviation. | |
Subject Alt Name | Enter IP addresses or FQDNs of the ports (multiple MNT ports, RMT ports, and FST (*1) ports) to use with HTTPS access from Web GUI. For the IP address or the FQDN, the primary IP address or FQDN that is entered in the "Common Name" field is included. There are two methods to specify an IP address: "IPv4" and "IPv6". The following IPv6 addresses can be used: "link local address", "global address", "unique local address", or "6to4 address". Refer to "Available IPv6 Address" for details. When the current setting is displayed, the IPv6 address is displayed as an abbreviation. | Multiple IP addresses and FQDNs can be specified. Start a new line for each IP address or FQDN when specifying multiple IP addresses and FQDNs. If IPv4 addresses, IPv6 addresses, and FQDNs exist in the setting field, up to 511 characters that include a "." (dot), a ":" (colon), and a linefeed code can be entered. |
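Added example (not part of the original manual and not the storage system's own code): a pre-check of the values against the input conditions in the table above, so that entries which would trigger the error screen are caught before they are typed into the Web GUI. The function names, the FQDN pattern, and the rejection of loopback, multicast and unspecified addresses are assumptions; the device's own validation may differ.

```python
import ipaddress
import re

# Input conditions transcribed from the "Create Key/CSR Setting" table.
FIELD_RULES = {
    "Country Name": r"[A-Z]{2}",
    "State or Province Name": r"[A-Za-z ]{1,63}",
    "Locality Name": r"[A-Za-z ]{1,63}",
    "Organization Name": r"[A-Za-z0-9 ]{1,63}",
    "Organization Unit Name": r"[A-Za-z0-9 ]{1,63}",
}
KEY_LENGTHS = (1024, 2048, 4096)
SAN_MAX_CHARS = 511  # dots, colons and linefeeds count toward the limit
# Assumption: RFC 1123 host name syntax; the page does not define FQDN syntax.
FQDN_RE = re.compile(r"([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")


def is_host(value):
    """True for a usable IPv4/IPv6 address or a syntactically valid FQDN."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return len(value) <= 253 and FQDN_RE.fullmatch(value) is not None
    # Assumption: these kinds are rejected; the page does not list them as usable.
    return not (addr.is_loopback or addr.is_multicast or addr.is_unspecified)


def check_csr_input(fields, key_length, common_name, subject_alt_name=""):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if key_length not in KEY_LENGTHS:
        problems.append("Key Length: not a selectable value")
    for name, pattern in FIELD_RULES.items():
        if not re.fullmatch(pattern, fields.get(name, "")):
            problems.append(f"{name}: missing or outside the allowed characters")
    if not is_host(common_name):
        problems.append("Common Name: not an IP address or FQDN")
    if len(subject_alt_name) > SAN_MAX_CHARS:
        problems.append("Subject Alt Name: longer than 511 characters")
    for entry in subject_alt_name.splitlines():  # one address or FQDN per line
        if not is_host(entry):
            problems.append(f"Subject Alt Name: invalid entry {entry!r}")
    return problems


if __name__ == "__main__":
    sample = {"Country Name": "JP", "State or Province Name": "Kanagawa",  # constructed
              "Locality Name": "Kawasaki", "Organization Name": "XXX LIMITED",
              "Organization Unit Name": "YYYYY Division"}
    print(check_csr_input(sample, 2048, "storage01.example.com", "192.0.2.10\n2001:db8::10"))
```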
Select Export File
Item | Description | Setting values |
---|---|---|
File Name | Select the file that is to be downloaded. | Key File, CSR File |
Operating Procedures
1. Click [Create Key/CSR] in [Action].
2. Specify the parameters, and click the [Create] button.
   → A confirmation screen appears.
   Caution: An error screen appears in the following conditions:
   - When items do not satisfy the input conditions
   - When all of the required items are not input
3. Click the [OK] button.
   → The creation of the CSR starts. When the creation of the CSR is complete, the screen for downloading the file is displayed.
4. Select the file that is to be downloaded, and click the [Export] button.
   → A dialog box to download the file appears.
5. Save the downloaded file.
   The default key file name is "ServerKey_serial number for the storage system_YYYY-MM-DD_hh-mm-ss.txt".
   The default CSR file name is "ServerCsr_serial number for the storage system_YYYY-MM-DD_hh-mm-ss.txt".
   (YYYY-MM-DD_hh-mm-ss: the date and time when the download screen (Step 4) is displayed.)
   → The files are saved.
   Note: Perform Step 4 and Step 5 for each key file and CSR file that is to be exported.
6. Click the [Done] button to return to the [Network] screen.