EF & E-Series, SANtricity, and Related Plug-ins

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EF & E-Series, SANtricity, and Related Plug-ins

Ask a Question

E-Series (E2860) certificate CSR request

sanadmin_do
yesterday
139 Views

Two of our E-Series certificates have expired. We would now like to have our internal CA issue two new ones. However, since September 2024, our colleagues at the CA have required CSR requests with a length of 4096 bits. Can the length of 4096 bits be set in the SANtricity environment? Or are the CSR requests always issued with 2048 bits?

0 Kudos
1 ACCEPTED SOLUTION

ahmadm
NetApp
yesterday
97 Views

As of SANtricity OS 11.80.1, the E-Series generated CSR for management certificate uses a 3072 bit key. If 4096 is desired, then the CSR need to be generated externally (e.g Using openSSL).

 

As for SANtricity OS 11.80, the E-Series external key management service CSR generated by E-Series defaults to 3072 bits key. The default can be increased to 4096 bits if needed, but this change / method does not apply to the management certificate of E-Series Web-UI.

 

View solution in original post

0 Kudos
3 REPLIES 3

ahmadm
NetApp
yesterday
98 Views

As of SANtricity OS 11.80.1, the E-Series generated CSR for management certificate uses a 3072 bit key. If 4096 is desired, then the CSR need to be generated externally (e.g Using openSSL).

 

As for SANtricity OS 11.80, the E-Series external key management service CSR generated by E-Series defaults to 3072 bits key. The default can be increased to 4096 bits if needed, but this change / method does not apply to the management certificate of E-Series Web-UI.

 

0 Kudos

sanadmin_do
yesterday
49 Views

Thanks for the information. I'm now trying to create the CSR request with the parameter "4096". But I always get the error message "Encountered "keySize" at line 1, column 201. Was expecting: "file" ...". I specified keySize="4096". According to the documentation, this is correct.

0 Kudos

ahmadm
NetApp
an hour ago
7 Views

I am not sure which utility you are using to generate the CSR, but below are the commands to generate the CSR and 4096 bits key using openssl. Once the CSR is signed by your CA, then you can upload the int/root certs, the signed server cert and the private key (generated below) into SANtricity System Manager.

 

  • openssl genpkey -algorithm RSA -out server_cert_private.key -pkeyopt rsa_keygen_bits:4096
  • openssl req -new -key server_cert_private.key -out server_cert_csr.csr
0 Kudos
Announcements
All Community Forums
Public