Data Backup and Recovery Discussions
Is there a way to replace the built in SSL Certificate delivered with SC 4.1 with an own self-signed or trusted one?
The Certificate Error stated due to the not matching hostname causes annoying error-messages and on certain hardened Browser-Settings prevents the GUI from loading altogether.
The keystore file path and keystore password is in snapcreator.properties. I'm not sure how the agent-to-server communication is configured (if any) to be verified.
It's not about Server <> Agent, I'm referring to Server <> GUI/Browser
That the Server and Agent don't create individual Keys during installation is another thing.
Right now my concern is just the HTTPS-Certificate delivered from the Server that is issued to NetApp and a blank Host instead of our Company and the appropriate Hostnames.
Our Management-Environment is configured to block all HTTPS connections that don't deliver appropriate Certificates, so using SC via GUI is currently only possible with workarounds.
Here are the directions that I have.
SC Engineering said that these are the directions to change the Server/GUI HTTPS cert, not the agent/server cert:
To load customer specific keystore ( Created using the Customer Certificate and corresponding private keys)
Please let us know.
I can create a ordinary x.509 but I don’t think this will be compatible with *.jks File-Format you are using in SC
How should it be converted?
Thanks in advance
Sorry, I don't know. I'll ping engineering and get back to you as soon as they get back to me.
You can create directly the Java key store file (.jks) file.
In the below link -- refer to the section " Generate a Self Signed Certificate using Java Keytool" for creating the Java key store file.
Thanks for the Hint.
Selfsigned unfortunately won’t cut it, has to be signed by our own Company-CA.
So would need something to convert the signed Certs to the Java-Format.
Try the steps in these links to import certs in to a java key store.
BTW what is format of the signed certificate you have?