Create Key/CSR

Overview

This function creates and exports the SSL server key and the Certificate Signing Request (CSR) that are used to acquire an SSL server certificate.

A CSR is the certificate application that is submitted to the certification authority.

Caution
  • Check the necessary items for authentication beforehand.

  • When using the key server for SED authentication key management, a self-signed SSL certificate or an SSL server certificate is required to establish the communication between the storage system and the key server. These SSL certificates are used as trusted certificates of the storage system. When using the key management server linkage function to manage the key, register the SSL server certificate for the storage system. The registered SSL server certificate is transferred to the key server from the storage system when the key is updated. Refer to the [Update SED Authentication Key] function for details.

Note
  • To register the SSL server key and the SSL server certificate in the storage system, use the [Register SSL Certificate] function.

User Privileges

Availability of Executions in the Default Role

Default role Availability of executions
Monitor  
Admin
StorageAdmin  
AccountAdmin  
SecurityAdmin  
Maintainer

Refer to "User Roles and Policies" for details on the policies and roles.

Settings

Create Key/CSR Setting

Item Description Setting values

Key Length

Select the SSL server key length.

The SSL server key length is equivalent to the encryption level. In general, the longer the key is, the higher the encryption level becomes (that is, the more difficult it is to decrypt the encrypted data).

1024 bit

2048 bit (Default)

4096 bit

Country Name

Input the country code which conforms to ISO-3166 A2 (required).

(Example) Japan: JP

Alphabetic characters (upper case) (A - Z)

Two fixed letters

State or Province Name

Input the prefecture where the organization is located (required).

(Example) Kanagawa

Up to 63 alphabetic characters (A - Z, a - z) and spaces

Locality Name

Input the municipality where the organization is located (required).

(Example) Kawasaki

Up to 63 alphabetic characters (A - Z, a - z) and spaces

Organization Name

Input the organization name (required).

(Example) XXX LIMITED

Up to 63 alphabetic characters (A - Z, a - z), numeric characters (0 - 9), and spaces

Organization Unit Name

Input the department/division name of the organization (required).

(Example) YYYYY Division

Up to 63 alphabetic characters (A - Z, a - z), numeric characters (0 - 9), and spaces

Common Name

Enter the main IP address or the Fully Qualified Domain Name (FQDN) of the port (an MNT port, an RMT port, or an FST (*1) port) to use with HTTPS access from Web GUI (required).

*1  :  FST can be used for the ETERNUS DX500 S5/DX600 S5/DX900 S5 and the ETERNUS AF650 S3.

There are two methods to specify the main IP address: "IPv4" and "IPv6". The following IPv6 addresses can be used: "link local address", "global address", "unique local address", or "6to4 address". Refer to "Available IPv6 Address" for details. When the current setting is displayed, the IPv6 address is displayed in abbreviated form.

  • For IPv4 address

    • xxx.xxx.xxx.xxx

      xxx: 1 - 255 for the top field (decimal)

      xxx: 0 - 255 for other fields (decimal)

    • Class must be A, B, or C.

  • For IPv6 address

    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

    xxxx: 0 - ffff (FFFF) (hexadecimal, alphanumeric characters)

    Refer to "IPv6 Address Notation" for details.

  • For FQDN

    Up to 63 alphanumeric characters and symbols

    (except "<", ">", "~", "!", "@", "#", "$", "%", "^", "\", "?", "&", and space)

Subject Alt Name

Enter IP addresses or FQDNs of the ports (multiple MNT ports, RMT ports, and FST (*1) ports) to use with HTTPS access from Web GUI. For the IP address or the FQDN, the primary IP address or FQDN that is entered in the "Common Name" field is included.

*1  :  FST can be used for the ETERNUS DX500 S5/DX600 S5/DX900 S5 and the ETERNUS AF650 S3.

There are two methods to specify an IP address: "IPv4" and "IPv6". The following IPv6 addresses can be used: "link local address", "global address", "unique local address", or "6to4 address". Refer to "Available IPv6 Address" for details. When the current setting is displayed, the IPv6 address is displayed in abbreviated form.

  • For IPv4 address

    • xxx.xxx.xxx.xxx

      xxx: 1 - 255 for the top field (decimal)

      xxx: 0 - 255 for other fields (decimal)

    • Class must be A, B, or C.

  • For IPv6 address

    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

    xxxx: 0 - ffff (FFFF) (hexadecimal, alphanumeric characters)

    Refer to "IPv6 Address Notation" for details.

  • For FQDN

    Up to 511 alphanumeric characters and symbols

    (A linefeed code is also counted as one character. Except "<", ">", "~", "!", "@", "#", "$", "%", "^", "\", "?", "&", and space.)

Multiple IP addresses and FQDNs can be specified. Start a new line for each IP address or FQDN when specifying multiple IP addresses and FQDNs.

If IPv4 addresses, IPv6 addresses, and FQDNs exist in the setting field, up to 511 characters that include a "." (dot), a ":" (colon), and a linefeed code can be entered.
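
The input conditions in the table above, written as a pre-check that can be run on the planned values before they are typed into the screen. This is an added example, not code from the product or its manual. The dict keys, the function names, and the 2048-bit minimum are assumptions, and the check that the Common Name also appears in Subject Alt Name is one reading of the Subject Alt Name description.

```python
import ipaddress
import re

FORBIDDEN = set('<>~!@#$%^\\?& ')   # symbols the page excludes from FQDNs
ALPHA, ALNUM = r"[A-Za-z ]{1,63}", r"[A-Za-z0-9 ]{1,63}"

def check_host(value, max_len):
    """Return an error string, or None if value is an acceptable IP/FQDN."""
    if re.fullmatch(r"[0-9.]+", value):   # IPv4; class A/B/C = first octet 1 - 223
        try:
            first = ipaddress.IPv4Address(value).packed[0]
        except ValueError:
            return f"{value!r}: malformed IPv4 address"
        return None if 1 <= first <= 223 else f"{value!r}: not class A/B/C"
    if ":" in value:                      # looks like IPv6
        try:
            ipaddress.IPv6Address(value)
        except ValueError:
            return f"{value!r}: malformed IPv6 address"
        return None
    if not 1 <= len(value) <= max_len:
        return f"{value!r}: FQDN must be 1 - {max_len} characters"
    bad = [c for c in value if c in FORBIDDEN or not 33 <= ord(c) <= 126]
    return f"{value!r}: characters not allowed: {bad}" if bad else None

def validate_csr_inputs(f):
    """f: dict of planned field values. Returns a list of problems."""
    errs = []
    if f["key_length"] not in (1024, 2048, 4096):
        errs.append("key_length: not a value the page offers")
    elif f["key_length"] < 2048:    # assumed local policy, not a rule from the page
        errs.append("key_length: below assumed policy minimum of 2048 bit")
    rules = {"country": r"[A-Z]{2}", "state": ALPHA, "locality": ALPHA,
             "organization": ALNUM, "org_unit": ALNUM}
    errs += [f"{k}: fails the character/length rule"
             for k, rule in rules.items() if not re.fullmatch(rule, f[k])]
    san = f["subject_alt_name"]     # one entry per line
    entries = san.split("\n") if san else []
    hosts = [("common_name", f["common_name"], 63)]
    hosts += [("subject_alt_name", e, 511) for e in entries]
    errs += [f"{k} {msg}" for k, v, n in hosts if (msg := check_host(v, n))]
    if len(san) > 511:              # linefeeds count toward the limit
        errs.append("subject_alt_name: more than 511 characters in total")
    if entries and f["common_name"] not in entries:   # assumed reading of the page
        errs.append("subject_alt_name: Common Name entry is missing")
    return errs

SAMPLE = dict(key_length=2048, country="JP", state="Kanagawa",   # constructed input
              locality="Kawasaki", organization="XXX LIMITED", org_unit="YYYYY Division",
              common_name="storage01.example.com",
              subject_alt_name="storage01.example.com\n192.0.2.10\n2001:db8::10")
```

validate_csr_inputs(SAMPLE) returns an empty list; each string in a non-empty result names the field that would trigger the error screen in Step 2.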

Select Export File

Item Description Setting values

File Name

Select the file that is to be downloaded.

Key File

CSR File

Operating Procedures

  1. Click [Create Key/CSR] in [Action].

  2. Specify the parameters, and click the [Create] button.

    → A confirmation screen appears.

    Caution
    • An error screen appears under the following conditions:
      • When items do not satisfy the input conditions

      • When not all of the required items have been entered

  3. Click the [OK] button.

    → The creation of the CSR starts. When the creation of the CSR is complete, the screen for downloading the file is displayed.

  4. Select the file that is to be downloaded, and click the [Export] button.

    → A dialog box to download the file appears.

  5. Save the downloaded file.

    • The default key file name is "ServerKey_serial number for the storage system_YYYY-MM-DD_hh-mm-ss.txt".

    • The default CSR file name is "ServerCsr_serial number for the storage system_YYYY-MM-DD_hh-mm-ss.txt".

      (YYYY-MM-DD_hh-mm-ss: the date and time when the download screen (Step 4) is displayed.)

    → The files are saved.

    Note
    • Perform Step 4 and Step 5 for each key file and CSR file that is to be exported.

  6. Click the [Done] button to return to the [Network] screen.