Subscribe
SVOLLRAT1

Update SnapCreator SSL Certificate

[ Edited ]

‎2014-07-07 03:01 AM - edited ‎2015-12-18 12:23 AM

Hi Guys

Is there a way to replace the built in SSL Certificate delivered with SC 4.1 with an own self-signed or trusted one?

The Certificate Error stated due to the not matching hostname causes annoying error-messages and on certain hardened Browser-Settings prevents the GUI from loading altogether.

Thanks

Stefan

0 Kudos
clilescapario

Re: Update SnapCreator SSL Certificate

‎2014-07-07 07:46 PM

The keystore file path and keystore password is in snapcreator.properties. I'm not sure how the agent-to-server communication is configured (if any) to be verified.

0 Kudos
SVOLLRAT1

Re: Update SnapCreator SSL Certificate

‎2014-07-07 11:50 PM

It's not about Server <> Agent, I'm referring to Server <> GUI/Browser

That the Server and Agent don't create individual Keys during installation is another thing.

Right now my concern is just the HTTPS-Certificate delivered from the Server that is issued to NetApp and a blank Host instead of our Company and the appropriate Hostnames.

0 Kudos
SVOLLRAT1

Re: Update SnapCreator SSL Certificate

‎2014-07-08 12:02 AM

Our Management-Environment is configured to block all HTTPS connections that don't deliver appropriate Certificates, so using SC via GUI is currently only possible with workarounds.

0 Kudos
spinks
NetApp

Re: Update SnapCreator SSL Certificate

‎2014-07-09 05:11 AM

Stefan,

Here are the directions that I have.

SC Engineering said that these are the directions to change the Server/GUI HTTPS cert, not the agent/server cert:

To load customer specific keystore ( Created using the Customer Certificate and corresponding private keys)

  1. Stop Snapcreator server.
  2. In the installation directory – go to “scServer4.1.0c/engine/etc”
    • Replace the keystore “keystore.jks“ with the new keystore file
    • Update the following entries in the snapcreator.properties file  
      • SNAPCREATOR_KEYSTORE_PATH --> releative location to the keystore w.r.t installation directory.
      • SNAPCREATOR_KEYSTORE_PASS --> keystore passwd
  3. Start the snapcreator server

Please let us know.

Thanks,

John

0 Kudos
SVOLLRAT1

Re: Update SnapCreator SSL Certificate

‎2014-07-09 05:51 AM

Hi John

I can create a ordinary x.509 but I don’t think this will be compatible with *.jks File-Format you are using in SC

How should it be converted?

Thanks in advance

Stefan

0 Kudos
spinks
NetApp

Re: Update SnapCreator SSL Certificate

‎2014-07-09 05:58 AM

Sorry, I don't know. I'll ping engineering and get back to you as soon as they get back to me.

John

0 Kudos
amarnatr
NetApp

Re: Update SnapCreator SSL Certificate

‎2014-07-11 04:25 AM

Hi Stefan,

You can create directly the Java key store file (.jks) file.

In the below link -- refer to the section " Generate a Self Signed Certificate using Java Keytool" for creating the Java key store file.

http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html

Thanks,

Amar

0 Kudos
SVOLLRAT1

Re: Update SnapCreator SSL Certificate

‎2014-07-11 04:56 AM

Hi Amar

Thanks for the Hint.

Selfsigned unfortunately won’t cut it, has to be signed by our own Company-CA.

So would need something to convert the signed Certs to the Java-Format.

Cheers

Stefan

0 Kudos
amarnatr
NetApp

Re: Update SnapCreator SSL Certificate

‎2014-07-14 04:39 AM

Try the steps in these links to import certs in to a java key store.

http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

http://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore

BTW what is format of the signed certificate you have?