- Notes, cautions, and warnings
- Preface
- Introduction
- Access Control
- Access control settings
- Security for management access
- Authentication
- Authorization
- Component access controls
- Data security settings
- Password policy
- Physical security controls
- Login banner and message of the day
- Logging
- Communication Security
- Communication security settings
- Port usage
- Ports used by Unisphere components on VNX for block
- How VNX for file works on the network
- Network encryption
- Management support for TLS communications on VNX2 systems
- SSL certificates
- Planning considerations for Public Key Infrastructure on VNX for file
- IP packet reflect on VNX for file systems
- Effect of filtering management network
- vSphere Storage API for Storage Awareness (VASA) support
- Special configurations
- Secure Remote Procedure Call
- Other security considerations
- Data Security Settings
- Data at Rest Encryption overview
- Data at Rest Encryption feature activation
- Encryption status
- Backup keystore file
- Data in place upgrade
- Hot spare operations
- Adding a disk drive to a VNX with encryption activated
- Removing a disk drive from a VNX with encryption enabled
- Replacing a chassis and SPs from a VNX with encryption enabled
- Security Maintenance
- Advanced Management Capabilities
- Secure deployment and usage settings
- TLS cipher suites
- LDAP-based directory server configuration
- VNX for file CLI role-based access
- VNX for file CLI security configuration operations
- Configuring password policy
- Configuring session timeout
- Protect session tokens
- Configuring network encryption and authentication using the SSL protocol
- Configuring PKI
- Creating the certificate provided by the persona
- Using the Control Station as the CA
- Obtaining CA certificates
- Generate a key set and certificate request
- Send the certificate request to the CA
- Import a CA-signed certificate
- List the available CA certificates
- Acquire a CA certificate
- Import a CA certificate
- Generate a new Control Station CA certificate
- Display the certificate
- Distribute the Control Station CA certificate
- Request and Install Customer-Supplied Certificates for Control Station
- Managing PKI
- Customize a login banner
- Create a MOTD
- Restrict anonymous root login
- Locking accounts after a specific number of failed logins
- VNX for block SSL certificate import
EMC® VNX® Series Security Configuration Guide for VNX
Create a certificate specifying detailed information about the persona
About this task
When you generate the persona’s public/private key set and certificate request, you can specify detailed information about the Data Mover. Typically this information includes details such as the organization that uses the Data Mover and where it is located. In addition, you have the option of saving the certificate request to a specific file.
Steps
To generate a key set and request for a certificate signed by an external CA, specifying detailed information about the Data Mover and saving the certificate request to a specific file, use this command syntax:
$ server_certificate <movername> -persona -generate
{<persona_name>|id=<persona_id>} -key_size <bits>
{-cn|-common_name} <common_name> -ou <org_unit>
-organization <organization> -location <location>
-state <state> -country <country> -filename <output_path>
where:
<movername> = name of the physical Data Mover with which the persona is associated.
<persona_name> = name of the persona.
<persona_id> = ID of the persona. The ID is generated when the persona is created. You can determine the ID through the -persona -list command.
<bits> = key size, either 2048 or 4096 bits.
<common_name> = commonly used name, typically a hostname that describes the Data Mover with which the persona is associated. If the name includes any special characters (such as a semi-colon, space character, or exclamation), it must be enclosed in quotation marks.
<org_unit> = name of the organizational unit. If the name includes any special characters (such as a semi-colon, space character, or exclamation), it must be enclosed in quotation marks.
<organization> = name of the organization.
<location> = physical location of the organization.
<state> = state where the organization is located.
<country> = country where the organization is located.
<output_path> = name and path where the generated request are written.
NOTE: The -ou, -organization, -location, -state, and -country arguments are optional.
NOTE: The -filename argument is only valid if the certificate will be signed by an external CA.
NOTE: Certificate requests are generated in PEM format only.
Example:
To generate a key set and request for a certificate signed by an external CA, specifying detailed information about the Data Mover and saving the certificate request to a specific file, type:
$ server_certificate server_2 -persona -generate default -key_size 4096 -cn ‘name;1.2.3.4’ -ou ‘my.org;my dept’ -organization EMC -location Hopkinton -state MA -country US -filename /tmp/server_2.1.request.pem
Output:
server_2 : Starting key generation. This could take a long time ... done
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\