Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

PowerProtect Data Manager 19.11 Cyber Recovery User Guide

Updating the SSL security certificate

Update an SSL security certificate in the Cyber Recovery deployment with a custom security certificate.

Prerequisites

  • The Cyber Recovery software is installed, and the deployment is up and running.
  • You have knowledge about managing security certificates.
  • Your browser is set up to accept security certificates.

About this task

You can replace an SSL security certificate with your own security certificate. For example, replace the SSL security certificate with a CA-signed certificate to avoid a warning message when you access the Cyber Recovery UI. The operating system and web browser for the Cyber Recovery deployment automatically trust and authenticate this certificate.

Steps

  1. Log in to the Cyber Recovery management host.
  2. Generate a certificate signing request (CSR), which is required to apply for a CA-signed certificate:
    1. Run the crsetup.sh --gencertrequest script.
    2. At each prompt, either enter the information for your deployment or press Enter to omit the information and go to the next prompt.
    3. When prompted, confirm the information that you provided.
    4. Enter the lockbox passphrase.

    The script lists the following information, which is essential for the certificate:

    • DNS name of the Cyber Recovery management host
    • IP address of the Cyber Recovery management host
    • URIs for HTTPS access and connections
    NOTE You must use these exact values when you submit the CSR to the CA.
    The crsetup.sh script generates a certificate signing request file: CRSERVICE.csr.
  3. Submit the CRSERVICE.csr file to the CA to apply for a CA-signed certificate.
    NOTE
    • Ensure that you submit the exact information from the previous step to the CA.
    • The Cyber Recovery software uses the name CRSERVICE by default to generate the certificate. However, you can use any meaningful file name for your deployment.
    The CA returns a <certificatename>.crt file.
  4. Add the CA-signed certificate to the Cyber Recovery deployment:
    1. Copy the <certificatename>.crt file (returned by the CA) into the same directory on the Cyber Recovery management host.
    2. Run the crsetup.sh --addcustcert script.
      The script stops the Docker container services.
    3. At the prompt, enter the full path where the <certificatename>.crt files is located.
      For example:
      /opt/dellemc/cr/bin/<certificatename>.crt
    4. Enter the lockbox passphrase.

      The script displays an informational message that indicates that the signed certificate has been added successfully, and then restarts the Docker container services.

      NOTE The Cyber Recovery software validates the certificate and key files and verifies the information from the CSR (as described in step 2). It also validates the certificate start date, which must be current, and the certificate duration, which must exceed one year.
    The script starts the Docker container services whether the addition of the certificate succeeds or fails.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\