A Dell Data Security (formerly Dell Data Protection) server may use a certificate that is provided by a third-party or internal certificate authority (CA).
Affected Products:
Dell Security Management Server
Dell Security Management Server Virtual
Dell Data Protection | Enterprise Edition
Dell Data Protection | Virtual Edition
Affected Versions:
v8.0.0 to Later
To use a CA certificate, Dell Data Security server requires:
- A certificate signing request (CSR) to be submitted to the CA.
- A CA signed certificate (.cer) and private key to be converted to a Personal Information Exchange Format (PFX).
Click the appropriate action for more information.
To create a CSR:
- Right-click the Windows Start menu and then click Run.
![Run](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_1.jpeg)
- In the Run UI, type MMC and then press OK.
![Run UI](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_2.jpeg)
- From the Microsoft Management Console, select File, and then Add/Remove Snap-in.
![Add/Remove Snap-in](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_3.jpeg)
- Select Certificates and then click Add.
![Certificates](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_4.jpeg)
- Select Computer account and then click Next.
![Computer account](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_5.jpeg)
- With Local computer selected, click Finish.
![Local computer](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_6.jpeg)
- Click OK.
![Adding Certificates snap-in](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_7.jpeg)
- In Console Root, expand Certificates.
![Expanding Certificates](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_8.jpeg)
- Right-click Personal, select All Tasks, Advanced Operations, and then click Create Custom Request.
![Create custom request](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_9.jpeg)
- Click Next.
![Before You Begin](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_10.jpeg)
- Under Custom Request, select Proceed without enrollment policy and then click Next.
![Select Certificate Enrollment Policy](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_11.jpeg)
- From the Custom request menu:
- Select template: (No template) Legacy key
- Select format: PKCS #10
- Click Next.
![Custom request](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_12.jpeg)
- Expand Details and then click Properties.
![Certificate Information](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_13.jpeg)
- In the General tab, populate the Friendly name and Description.
![General tab](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_14.jpeg)
- In the Subject tab:
- From subject name, populate and then Add:
- Common name (CN)
- Organization
- Locality
- State
- Country
- From alternative name, populate the Dell Data Security server DNS and then click Add.
![Subject tab](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_15.jpeg)
- In the Private Key tab:
- Expand Cryptographic Service Provider.
- Select Microsoft RSA SChannel Cryptographic Provider.
- Expand Key options.
- Select key size: 2048.
- Check Make private key exportable.
- Click OK.
![Private Key tab](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_16.jpeg)
- Click Next.
![Certificate Information](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_17.jpeg)
- Browse to a location to save the file and then click Finish.
![Destination folder](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_18.jpeg)
Note: The CSR output can now be submitted to a third-party provider or internal certificate authority (CA).
To export a .pfx:
- Bring the CA signed certificate (.cer) to the machine where the CSR originated from.
- Right-click the .cer file and then click Install Certificate.
![Install Certificate](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_19.jpeg)
Note: certtest.cer is an example certificate name. The certificate name may differ in your environment.
- In the Certificate Import Wizard, select Local Machine and then click Next.
![Local Machine](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_20.jpeg)
- Select:
- Select Place all certificates in the following store.
- Click Browse.
- Click Personal.
- Click OK.
- Click Next.
![Certificate Store](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_21.jpeg)
- Click Finish.
![Completing the Certificate Import Wizard](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_22.jpeg)
- Click OK.
![Successful import](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_23.jpeg)
- Right-click the Windows start menu and then click Run.
![Run](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_24.jpeg)
- In the Run UI, type MMC and then press OK.
![Run UI](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_25.jpeg)
- From Microsoft Management Console, select File, and then Add/Remove Snap-in.
![Add/Remove Snap-in](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_26.jpeg)
- Select Certificates and then click Add.
![Certificates](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_27.jpeg)
- Select Computer Account and then click Next.
![Computer account](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_28.jpeg)
- With Local computer selected, click Finish.
![Local computer](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_29.jpeg)
- Click OK.
![Adding Certificates snap-in](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_30.jpeg)
Note: Ensure the root certificate of the third-party provider or internal CA is installed in trusted root certificates.
- Go to Certificates, Personal, and then Certificates.
![Certificates](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_31.jpeg)
- Right-click the imported certificate (step 5), click All Tasks, and then click Export.
![Export](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_32.jpeg)
- Click Next.
![Certificate Export Wizard](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_33.jpeg)
- With Yes, export the private key selected, click Next.
![Exporting the private key](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_34.jpeg)
- From the Export File Format menu:
- Select Personal Information Exchange - PKCS #12 (.PFX).
- Check Include all certificates in the certification path if possible.
- Check Export all extended properties.
- Click Next.
![Export File Format](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_35.jpeg)
- Enter and confirm the Password. Once populated, click Next.
![Security](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_36.jpeg)
- Browse to a location to save the .pfx and then click Next.
![File to export](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_37.jpeg)
- Click Finish.
![Completing the Certificate Export Wizard](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_38.jpeg)
- Click OK.
![Successful export](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_39.jpeg)
- If using:
- Dell Security Management Server Virtual (Formerly Dell Data Protection | Virtual Edition), go to Step 24
- Dell Security Management Server (Formerly Dell Data Protection | Enterprise Edition), the .pfx creation process is completed.
- To successfully upload a .pfx, Dell Security Management Server Virtual requires:
- A completed .pfx
- A third-party FTP (file transfer protocol) client.
- Examples of an FTP client include (but are not limited to):
Note:
- Dell does not endorses or support any listed third-party product. The listed clients are meant to be an example of potential products a customer can use. Contact the product’s manufacturer for information about setup, configuration, and management.
- Your FTP Client UI may differ from the below screenshot examples.
- Launch the FTP client.
- In the FTP client, Log in with an FTP user to the Dell Security Management Server Virtual.
![FTP client login](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_40.jpeg)
- Go to
/certificates/
.
![Certificate directory](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_41.jpeg)
- Move the .pfx from where it was saved (Step 20) to /certificates/.
![Move the .pfx](https://supportkb.dell.com/img/ka06P000000Y6jDQAS/ka06P000000Y6jDQAS_en_US_42.jpeg)
- Close the FTP client.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.