Skip to main content
NetApp SMI-S Provider

Generate a self-signed certificate for the CIM server

Contributors netapp-aoife
PDFs

By default, SSL authentication is enabled for the CIM server. During the SMI-S Provider installation, a self-signed certificate for the CIM server is installed in the pegasus directory. You need to generate your own self-signed certificate instead of using the default certificate.

Caution When you install the SMI-S Provider, the default self-signed certificate that is installed is outdated. As a result, the SSL connection to the SMI-S Provider fails from Add Storage Devices in the System Center Virtual Machine Manager (SCVMM). You need to generate a self-signed certificate for the CIM server and restart the SMI-S Provider service afterwards. For more information, refer to the NetApp Knowledge Base article: "CSMIS-3: cimom.cert in NetApp SMI-S Provider 5.2.7 is expired at the time of installation."
Before you begin

  • You must already have logged in as Administrator.

  • You must already have accessed SMI-S Provider.

  • You must have downloaded and installed OpenSSL on your Windows host.

Steps

  1. Download the openssl.cnf file from the following location: http://web.mit.edu/crypto/openssl.cnf

  2. Move the openssl.cnf file to the bin directory:

    %PEGASUS_HOME%\bin\openssl.cnf

  3. Set the OPENSSL_CONF environmental variable to the location of the openssl.cnf file:

    C:\ >set OPENSSL_CONF=%PEGASUS_HOME%\bin\openssl.cnf

    This only sets the environment variable for the duration of the current Command Prompt session. If you want to permanently set the environment variable, you can use one of the following options:

    • Navigate to Properties > Environmental Variables and update the variable under System.

    • Use Command Prompt to permanently set the variable:

      setx OPENSSL_CONF “%PEGASUS_HOME%\bin\openssl.cnf.

      The variable is set when you open a new Command Prompt session.

  4. Navigate to the %PEGASUS_HOME%\bin directory:

    C:\cd %pegasus_home%\bin

  5. Generate a private key:

    openssl genrsa -out cimom.key 2048

  6. Generate a certificate request:

    openssl req -new -key cimom.key -out cimom.csr

  7. Enter your information for the certificate request when prompted.

  8. Generate the self-signed certificate:

    openssl x509 -in cimom.csr -out cimom.cert -req -signkey cimom.key -days 1095

    You can provide a different number of days for which the certificate is valid.

  9. Copy the cimom.key and cimom.cert files to the pegasus directory (Windows: C:\Program Files (x86)\NetApp\smis\pegasus).

  10. Restart the SMI-S Provider service:

    smis cimserver restart

Result

The certificate date range starts at the current date and runs for the number of days specified.