Data Backup and Recovery Discussions

Update SnapCreator SSL Certificate

SVOLLRAT1

Hi Guys

Is there a way to replace the built in SSL Certificate delivered with SC 4.1 with an own self-signed or trusted one?

The Certificate Error stated due to the not matching hostname causes annoying error-messages and on certain hardened Browser-Settings prevents the GUI from loading altogether.

Thanks

Stefan

9 REPLIES 9

clilescapario

The keystore file path and keystore password is in snapcreator.properties. I'm not sure how the agent-to-server communication is configured (if any) to be verified.

SVOLLRAT1

It's not about Server <> Agent, I'm referring to Server <> GUI/Browser

That the Server and Agent don't create individual Keys during installation is another thing.

Right now my concern is just the HTTPS-Certificate delivered from the Server that is issued to NetApp and a blank Host instead of our Company and the appropriate Hostnames.

SVOLLRAT1

Our Management-Environment is configured to block all HTTPS connections that don't deliver appropriate Certificates, so using SC via GUI is currently only possible with workarounds.

spinks

Stefan,

Here are the directions that I have.

SC Engineering said that these are the directions to change the Server/GUI HTTPS cert, not the agent/server cert:

To load customer specific keystore ( Created using the Customer Certificate and corresponding private keys)

  1. Stop Snapcreator server.
  2. In the installation directory – go to “scServer4.1.0c/engine/etc”
    • Replace the keystore “keystore.jks“ with the new keystore file
    • Update the following entries in the snapcreator.properties file  
      • SNAPCREATOR_KEYSTORE_PATH --> releative location to the keystore w.r.t installation directory.
      • SNAPCREATOR_KEYSTORE_PASS --> keystore passwd
  3. Start the snapcreator server

Please let us know.

Thanks,

John

SVOLLRAT1

Hi John

I can create a ordinary x.509 but I don’t think this will be compatible with *.jks File-Format you are using in SC

How should it be converted?

Thanks in advance

Stefan

spinks

Sorry, I don't know. I'll ping engineering and get back to you as soon as they get back to me.

John

amarnatr

Hi Stefan,

You can create directly the Java key store file (.jks) file.

In the below link -- refer to the section " Generate a Self Signed Certificate using Java Keytool" for creating the Java key store file.

http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html

Thanks,

Amar

SVOLLRAT1

Hi Amar

Thanks for the Hint.

Selfsigned unfortunately won’t cut it, has to be signed by our own Company-CA.

So would need something to convert the signed Certs to the Java-Format.

Cheers

Stefan

amarnatr

Try the steps in these links to import certs in to a java key store.

http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

http://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore

BTW what is format of the signed certificate you have?

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public