Skip to main content
SANtricity commands

Generate web server Certificate Signing Request (CSR)

Contributors netapp-driley

The save controller arrayManagementCSR command generates a Certificate Signing Request (CSR) for the controller.

Supported Arrays

This command applies to an individual E4000, E2800, E5700, EF600 or EF300 storage array. It does not operate on E2700 or E5600 storage arrays.

Roles

To execute this command on an E4000, E2800, E5700, EF600, or EF300 storage array, you must have the Security Admin role.

Context

The CSR must be signed by a Certificate Authority (CA). The resulting signed certificate is installed on the controller's web server so that browsers can automatically trust the controller's web server when trying to manage the array. Perform this action for each controller.

Syntax

save controller [(a|b)] arrayManagementCSR
     commonName="ipOrDnsName"
     [alternateIPAddresses=(ipvX1...ipvXN)]
     [alternateDnsNames=("dnsName1"..."dnsNameN")]
     organization="organizationName"
     [organizationalUnit="organizationalUnitName"]
     locality="cityOrLocality"
     [stateProvince="stateOrRegion"]
     country="string"
     keySize=["2048 | 3072 | 4096 "]
     file="filename"

Parameters

Parameter Description

controller

Allows you to specify the controller on which you want to create the CSR for. Valid controller identifiers are a or b, where a is the controller in slot A, and b is the controller in slot B. Enclose the controller identifier in square brackets ([ ]).

commonName

Allows you to specify the IP address or DNS name of the controller. This must match exactly what will be typed in the browser to access System Manager (do not include http:// nor https://) or there will be a name mismatch error.

alternateIPAddresses

Allows you to specify additional IP addresses or aliases for the controller. Enclose all the IP addresses in parentheses. If you enter more than one IP address, separate them with a space.

alternateDnsNames

Allows you to specify additional DNS names for the controller. Enclose all the DNS names in parentheses. If you enter more than one name, separate them with a space.

organization

Allows you to specify the organization's full legal name that the storage array belongs to. Do not abbreviate it and include any suffixes such as Inc, Corp, or LLC.

organizationalUnit

Allows the user to specify the organization's division that handles the certificate.

locality

Allows you to specify the city or locality where the storage array is located.

stateProvince

Allows you to specify the state or region where the storage array is located. This should not be abbreviated.

country

Allows you to specify your country's two-digit ISO (International Organization for Standardization) code, such as US.

keySize

Allows you to specify a value of 2048, 3072, or 4096 for the server's key size. The default key size is 3072 if no key size is selected.

file

Allows you to specify the file for which to save the controller's CSR file.

Examples

SMcli -n Array1 -c "save controller [a] arrayManagementCSR
   commonName="ictd0702s05c01-a.ict.englab.xyz.com"
   alternateIPAddresses=(10.113.174.190 10.113.174.191)
   alternateDnsNames=("ictd0702s05c01-b.ict.englab.xyz.com")
   organization="Company"
   locality="Wichita"
   stateProvince="Kansas"
   country="US"
   file="C:\storage_array_csr.csr";"

SMcli completed successfully.

Minimum firmware level

8.40