- Notes, cautions, and warnings
- Getting Started
- Post-Deployment Activities
- Post-deployment tasks
- Post-deployment task checklist
- Prepare lockbox files for Java upgrade
- Create the lockbox
- Customer support
- Configure native users
- Configure LDAP users
- Configure SNMP
- Enable OpenSSL FIPS compliance
- Create and map volumes
- Set up replication on peer systems
- Install and configure PowerFlex SRA
- Post-deployment best practice suggestions
- Link PowerFlex presentation server to the MDM cluster
- View MDM certificate details in the PowerFlex GUI
- Configure the SDS for NVDIMM health awareness
- Post-deployment tasks
- PowerFlex Performance Fine-Tuning
- PowerFlex performance fine-tuning
- Tune PowerFlex for best performance
- Performance tuning post-installation
- PowerFlex system changes
- Optimize Linux
- Optimize ESXi
- Optimize SVM settings
- Optimizing VM guests
- Optimize Hyper-V
- Optimize AIX
- Optimize Windows
- PowerFlex Performance Parameters
- RAID controller virtual disk settings
- Apply Performance Profiles to system components
- PowerFlex performance fine-tuning
- Configure and Customize
- Configuration
- Protection Domains
- Fault Sets
- SDS
- Storage Pools
- Configuring acceleration
- Devices
- Volumes
- Configuring SDCs
- Manual SDC configuration/verification
- Update approved SDC IP addresses using the PowerFlex GUI
- Approve SDCs using the PowerFlex GUI
- Restricted SDC mode
- Add an external SDC to an existing PowerFlex system
- SDC operations
- Update the SDC driver with IP address changes
- Detecting new volumes
- Query volumes using drv_cfg
- Query tgt objects using drv_cfg
- Query GUID using drv_cfg
- Query MDMs using drv_cfg
- Loading a configuration file using drv_cfg
- Adding an MDM using drv_cfg
- Modifying an MDM IP address using drv_cfg
- Permanent Device Loss state
- Update the SDC parameters in VMware based HCI or compute node
- Run the SDC driver on RHEL\SLES with multipath enabled
- SDC authentication
- Apply Performance Profiles to system components
- RFcache (xcache) package installation
- Increase SVM memory to accommodate additional SDS device
- Modify an SDS port during I/O
- Configure the PowerFlex presentation server
- Unlink from the MDM cluster
- PowerFlex VASA provider and vVols
- MDM Cluster
- Configuring MDM cluster
- Configure virtual IP addresses using the PowerFlex Installer
- Security
- Approving pending security certificates
- Default self-signed certificate expires on the PowerFlex Gateway
- Default self-signed certificate expires on PowerFlex GUI
- Upgrade the PowerFlex Gateway when a custom certificate is used
- Change the PowerFlex Gateway's keystore password
- Change the PowerFlex presentation server's keystore password
- Change the PowerFlex presentation server's truststore password
- Certificate management for PowerFlex presentation server
- Certificate management for PowerFlex Gateway
- Use SSH authentication for the PowerFlex Gateway
- Configure SSL component authentication
- Configure SDC access to the MDM
- Approved encryption methods
- Login banner overview
- Managing LIA security
- User Management
- Fault reporting features
- Add, Remove or Rename Components
- Logs
- LIA
- Configuration
- Protection
- Snapshots
- Snapshot policies
- Remote Protection
- Add a peer system
- SDR journal capacity
- Restart the replication cluster
- SDR
- Replication Consistency Group
- Replication direction and mapping
- Add a RCG
- Map RCG target volumes to SDC
- Unmap an SDC from RCG target volumes
- Set target to inconsistent mode
- Set target to consistent mode
- Modify RPO
- Add a replication pair to RCG
- Pause RCG
- Create snapshot of RCG volume
- Failover
- Reverse replication
- Restore replication
- Test Failover
- Test failover stop
- Freeze RCG
- Unfreeze RCG
- Activate RCG
- Terminate RCG
- Pause initial copy
- Resume initial copy
- Set priority
- Unpair from RCG
- VMware environment specific tasks
- Operating System Patching
Configure and Customize Dell PowerFlex v3.6.x
Replace the default self-signed security certificate with your own trusted certificate
Create your own trusted certificate, and then replace the default certificate with the one that you created.
Steps
-
Find the location of
keytool on your server.
It is a part of the Java (JRE or JDK) installation on your server, in the bin directory. For example: /usr/bin/keytool
-
Generate your RSA private key:
keytool -genkey -alias <YOUR_ALIAS> -keyalg RSA -keystore <PATH_TO_NEW_KEYSTORE_FILE>
NOTE:For <PATH_TO_NEW_KEYSTORE_FILE>, specify a nonexistent file under the /etc/mgmt-server/.config directory, for example /etc/mgmt-server/.config/mgmt-server.jks.-
You will be prompted for a keystore and private key passwords. If you want to define a password without being prompted, add the following parameters to the command. Use the same password for both parameters.
-storepass <KEYSTORE_PASSWORD> -keypass <KEYSTORE_PASSWORD>
-
You will be prompted for a keystore and private key passwords. If you want to define a password without being prompted, add the following parameters to the command. Use the same password for both parameters.
-
Generate a Certificate Signing Request (CSR) by typing the following command:
If you omit the password flags, you will be prompted for the keystore and private key passwords.
keytool -certreq -keyalg RSA -alias <YOUR_ALIAS> -file certreq.txt -keystore <PATH_TO_NEW_KEYSTORE_FILE> -storepass <KEYSTORE_PASSWORD> -keypass <KEYSTORE_PASSWORD> -keypass <PRIVATE_KEY_PASSWORD>
-
Use the CSR to obtain a new certificate from a third-party trusted SSL certificate provider (CA).
The CA returns the following files:
- A certificate for the Presentation Server
- Trusted root and possibly one or more intermediate certificates from the CA
NOTE:The certificates must be in PEM format.Save the certificate files on your server. -
Concatenate all the provided certificates into one file.
cat <LOCATION_OF_SIGNED_SSL_CERTIFICATE_FILE> [<LOCATION_OF_YOUR_INTERMEDIATE_CA_CERTIFICATE_FILE> ...] <LOCATION_OF_YOUR_ROOT_CA_CERTIFICATE_FILE> mgmt-server-chain.crt
-
Install the SSL certificate chain under the same alias of the CSR in step three.
If you omit the password flags, you will be prompted for the keystore and private key passwords.
keytool -importcert -alias <YOUR_ALIAS> -keystore <PATH_TO_NEW_KEYSTORE_FILE> -file mgmt-server-chain.crt -storepass <KEYSTORE_PASSWORD> -keypass <PRIVATE_KEY_PASSWORD>
-
Edit the Management Server configuration file,
/etc/mgmt-server/.config/mgmt-server.
- If the file does not exist, create it.
-
If the file already contains the
MGMT_SERVER_OPTIONS parameter, add the keystore-related parameters to any existing ones.
NOTE:For the value of backend.httpd.keystoreResource specify the keystore file name, without the directory. For example, if the path of the keystore file is /etc/mgmt-server/.config/mgmt-server.jks.use mgmt-server.jks.
MGMT_SERVER_OPTIONS='backend.httpd.keystoreResource=<FILE_NAME_OF_NEW_KEYSTORE_FILE> backend.httpd.keystorePassword=<KEYSTORE_PASSWORD> backend.httpd.keyManagerPassword=<PRIVATE_KEY_PASSWORD>'
-
Restart the
PowerFlex presentation server service. Type the following command:
service mgmt-server restart
Replacement of the security certificate is complete.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\