HPE Storage Users Group
https://3parug.com/

Import corporate CA
https://3parug.com/viewtopic.php?f=18&t=1445
Page 1 of 1

Author:  InteraX [ Fri Jul 17, 2015 9:58 am ]
Post subject:  Import corporate CA

Hi guys,

I'm trying to setup AD authentication on our 3PAR. A prerequisite to this is that we use LDAPS.

How do I get our corporate CA installed onto our 3PAR so our certs work correctly?

Thanks.

Author:  afidel [ Fri Jul 17, 2015 10:27 am ]
Post subject:  Re: Import corporate CA

setauthparam ldap-ssl 1

Author:  InteraX [ Fri Jul 17, 2015 10:49 am ]
Post subject:  Re: Import corporate CA

Sorry, but that's not what I need.

I need to import the CA cert into the 3PAR certificate store so it trusts the certs that have been issued to out LDAP servers.

I've found the command once the cert is on the 3PAR but I can't see how to copy the cert to the 3PAR.

Author:  Reactor [ Mon Jul 20, 2015 6:33 pm ]
Post subject:  Re: Import corporate CA

Both the Java-based IMC client and the web-based SSMC are capable of uploading a custom certificate for simple LDAP connectivity.

For the CLI, you would need to paste the base64-encoded CA certificate into the CLI using the following command (including the dash at the end):
Code:
setauthparam ldap-ssl-cacert -
<paste SSL certificate text>

Author:  InteraX [ Tue Jul 21, 2015 6:21 am ]
Post subject:  Re: Import corporate CA

Reactor wrote:
Both the Java-based IMC client and the web-based SSMC are capable of uploading a custom certificate for simple LDAP connectivity.


Can you point me in the right direction for this. I can't see anywhere where I can upload a CA cert.

Author:  Reactor [ Tue Jul 21, 2015 12:21 pm ]
Post subject:  Re: Import corporate CA

Apologies—after re-reading the documentation, I have come to the conclusion that it is not possible to perform LDAP CA certificate installation through either GUI interface. The GUIs aren't my forte, as I mostly use the CLI for most configuration tasks. :ugeek:

Author:  adamdb [ Wed Jul 22, 2015 9:15 am ]
Post subject:  Re: Import corporate CA

Funny,
I'm trying to do something very similar here. We've created a CSR which was sent off to the CA for signing

createcert unified-server -csr -keysize 2048 -C XX -ST XXXX -L XXX -O XXX -OU XXX -CN hostname.fully.qualified

generated a nice pem file which we sent away.

So now I get back something to install but the manual says i need to run something akin to

importcert unified-server unified-server.pem file.pem

(the unified-server.pem part is somewhat guesswork based on the examples in the manual).

to install the pem file 'file.pem'

my question is how do i get it onto the 3par (via the SP?) and where should it go so I can refer to it?

thanks.
Ad

Author:  david [ Thu Aug 27, 2015 3:29 am ]
Post subject:  Re: Import corporate CA

You need to the the 3par cli tool, not an SSH client (if you are using one) and then use pwd to see the current directory and cd to where the file is and just use the command stated.

You didnt have any errors with the generation of the certificate then, I am, I get errors when I try to create the certificate on our CA from the CSR.

Author:  dardan [ Mon Jan 13, 2020 4:40 am ]
Post subject:  Re: Import corporate CA

adamdb wrote:
Funny,
I'm trying to do something very similar here. We've created a CSR which was sent off to the CA for signing

createcert unified-server -csr -keysize 2048 -C XX -ST XXXX -L XXX -O XXX -OU XXX -CN hostname.fully.qualified

generated a nice pem file which we sent away.

So now I get back something to install but the manual says i need to run something akin to

importcert unified-server unified-server.pem file.pem

(the unified-server.pem part is somewhat guesswork based on the examples in the manual).

to install the pem file 'file.pem'

my question is how do i get it onto the 3par (via the SP?) and where should it go so I can refer to it?

thanks.
Ad


Replying to a ancient post :)

In order for CLI to recognize the windows location, you should copy your .pem files into the directory where CLI is installed. In my case it's: C:\Program Files (x86)\Hewlett-Packard\HP 3PAR CLI\bin

A great step-by-step manual is found here: https://storcom.com/implementing-ca-cer ... imera-gui/

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/