Signing AMS security certificates using CLI commands
Sign the AMS security certificates that are generated by VxFlex OS components,
using CLI commands.
About this task
The Certificate Authority (CA) server is the signing authority for signing and validating
the security certificates. For the CA server to sign a security certificate, you must
complete the following sequential stages:
1. Exporting the certificate from the VxFlex OS system
2. Getting the certificate signed by your own CA server
3. Importing the certificate back into the system
4. Updating the certificate on VxFlex OS components, via Renew Certificates options
Note:
This procedure is optional and can be performed either before VxFlex OS
deployment or post deployment.
Procedure
1. Log in to the AMS.
2. Generate a certificate from the Linux-based AMS server:
a. Perform either of the following:
Access full path: java -jar /opt/emc/scaleio/ams/webapps/
l
ROOT/resources/scaleio_repository/
Relative path: cd /opt/emc/scaleio/ams/webapps/ROOT/
l
resources/scaleio_repository
b. Run this command:
EMC-ScaleIO-ams-cli-3.0-<build>.XXX.jar --username
<USERNAME> --password <PASSWORD>
generate_certificate_request --file_name <NAME_FILE>
An unsigned certificate appears in the command-defined file on your local
drive.
3. Send the command-defined file, with unsigned certificate, to your CA server
and initiate request for the signed certificate.
4. Upload the signed certificate to the server.
5. Replace the existing unsigned certificate in the Linux-based AMS server with
the new signed certificate:
a. Perform either of the following:
Access full path: java -jar /opt/emc/scaleio/ams/webapps/
l
ROOT/resources/scaleio_repository/
Relative path: cd /opt/emc/scaleio/ams/webapps/ROOT/
l
resources/scaleio_repository
--
Dell EMC VxFlex Ready Node AMS User Guide
Security Management
159