Generate a self-signed certificate for the CIM server
Suggest changes
PDFs
By default, SSL authentication is enabled for the CIM server. During the SMI-S Provider installation, a self-signed certificate for the CIM server is installed in the pegasus directory. You can generate your own self-signed certificate and use it rather than the default certificate.
-
You must already have logged in as Administrator.
-
You must already have accessed SMI-S Provider.
-
Download the
openssl.cnffile from the following location: http://web.mit.edu/crypto/openssl.cnf -
Move the
openssl.cnffile to the bin directory:%PEGASUS_HOME%\bin\openssl.cnf -
Set the
OPENSSL_CONFenvironmental variable to the location of theopenssl.cnffile:C:\ >set OPENSSL_CONF=%PEGASUS_HOME%\bin\openssl.cnfThis only sets the environment variable for the duration of the current Command Prompt session. If you want to permanently set the environment variable, you can use one of the following options:
-
Navigate to Properties > Environmental Variables and update the variable under System.
-
Use Command Prompt to permanently set the variable:
setx OPENSSL_CONF “%PEGASUS_HOME%\bin\openssl.cnf.The variable is set when you open a new Command Prompt session.
-
-
Navigate to the
%PEGASUS_HOME%\bindirectory:C:\cd %pegasus_home%\bin -
Generate a private key:
openssl genrsa -out cimom.key 2048 -
Generate a certificate request:
openssl req -new -key cimom.key -out cimom.csr -
Enter your information for the certificate request when prompted.
-
Generate the self-signed certificate:
openssl x509 -in cimom.csr -out cimom.cert -req -signkey cimom.key -days 1095You can provide a different number of days for which the certificate is valid.
-
Copy the
cimom.keyandcimom.certfiles to thepegasusdirectory (Windows:C:\Program Files (x86)\NetApp\smis\pegasus).
Result
The certificate date range starts at the current date and runs for the number of days specified.