Update SnapCreator SSL Certificate

SVOLLRAT1 · ‎2014-07-07

Hi Guys

Is there a way to replace the built in SSL Certificate delivered with SC 4.1 with an own self-signed or trusted one?

The Certificate Error stated due to the not matching hostname causes annoying error-messages and on certain hardened Browser-Settings prevents the GUI from loading altogether.

Thanks

Stefan

clilescapario · ‎2014-07-07

The keystore file path and keystore password is in snapcreator.properties. I'm not sure how the agent-to-server communication is configured (if any) to be verified.

SVOLLRAT1 · ‎2014-07-07

It's not about Server <> Agent, I'm referring to Server <> GUI/Browser

That the Server and Agent don't create individual Keys during installation is another thing.

Right now my concern is just the HTTPS-Certificate delivered from the Server that is issued to NetApp and a blank Host instead of our Company and the appropriate Hostnames.

SVOLLRAT1 · ‎2014-07-08

Our Management-Environment is configured to block all HTTPS connections that don't deliver appropriate Certificates, so using SC via GUI is currently only possible with workarounds.

spinks · ‎2014-07-09

Stefan,

Here are the directions that I have.

SC Engineering said that these are the directions to change the Server/GUI HTTPS cert, not the agent/server cert:

To load customer specific keystore ( Created using the Customer Certificate and corresponding private keys)

Stop Snapcreator server.
In the installation directory – go to “scServer4.1.0c/engine/etc”
- Replace the keystore “keystore.jks“ with the new keystore file
- Update the following entries in the snapcreator.properties file
  - SNAPCREATOR_KEYSTORE_PATH --> releative location to the keystore w.r.t installation directory.
  - SNAPCREATOR_KEYSTORE_PASS --> keystore passwd
Start the snapcreator server

Please let us know.

Thanks,

John

SVOLLRAT1 · ‎2014-07-09

Hi John

I can create a ordinary x.509 but I don’t think this will be compatible with *.jks File-Format you are using in SC

How should it be converted?

Thanks in advance

Stefan

spinks · ‎2014-07-09

Sorry, I don't know. I'll ping engineering and get back to you as soon as they get back to me.

John

amarnatr · ‎2014-07-11

Hi Stefan,

You can create directly the Java key store file (.jks) file.

In the below link -- refer to the section " Generate a Self Signed Certificate using Java Keytool" for creating the Java key store file.

http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html

Thanks,

Amar

SVOLLRAT1 · ‎2014-07-11

Hi Amar

Thanks for the Hint.

Selfsigned unfortunately won’t cut it, has to be signed by our own Company-CA.

So would need something to convert the signed Certs to the Java-Format.

Cheers

Stefan

amarnatr · ‎2014-07-14

Try the steps in these links to import certs in to a java key store.

http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

http://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore

BTW what is format of the signed certificate you have?

Update SnapCreator SSL Certificate

We're on Discord, are you?

Meet Explore, NetApp’s digital sales platform