HPE Storage Users Group

A Storage Administrator Community




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: Import corporate CA
PostPosted: Fri Jul 17, 2015 9:58 am 

Joined: Fri Jul 17, 2015 6:08 am
Posts: 30
Hi guys,

I'm trying to setup AD authentication on our 3PAR. A prerequisite to this is that we use LDAPS.

How do I get our corporate CA installed onto our 3PAR so our certs work correctly?

Thanks.


Top
 Profile  
Reply with quote  
 Post subject: Re: Import corporate CA
PostPosted: Fri Jul 17, 2015 10:27 am 

Joined: Tue May 07, 2013 1:45 pm
Posts: 216
setauthparam ldap-ssl 1


Top
 Profile  
Reply with quote  
 Post subject: Re: Import corporate CA
PostPosted: Fri Jul 17, 2015 10:49 am 

Joined: Fri Jul 17, 2015 6:08 am
Posts: 30
Sorry, but that's not what I need.

I need to import the CA cert into the 3PAR certificate store so it trusts the certs that have been issued to out LDAP servers.

I've found the command once the cert is on the 3PAR but I can't see how to copy the cert to the 3PAR.


Top
 Profile  
Reply with quote  
 Post subject: Re: Import corporate CA
PostPosted: Mon Jul 20, 2015 6:33 pm 

Joined: Wed Oct 16, 2013 9:03 pm
Posts: 44
Location: Chicago
Both the Java-based IMC client and the web-based SSMC are capable of uploading a custom certificate for simple LDAP connectivity.

For the CLI, you would need to paste the base64-encoded CA certificate into the CLI using the following command (including the dash at the end):
Code:
setauthparam ldap-ssl-cacert -
<paste SSL certificate text>


Top
 Profile  
Reply with quote  
 Post subject: Re: Import corporate CA
PostPosted: Tue Jul 21, 2015 6:21 am 

Joined: Fri Jul 17, 2015 6:08 am
Posts: 30
Reactor wrote:
Both the Java-based IMC client and the web-based SSMC are capable of uploading a custom certificate for simple LDAP connectivity.


Can you point me in the right direction for this. I can't see anywhere where I can upload a CA cert.


Top
 Profile  
Reply with quote  
 Post subject: Re: Import corporate CA
PostPosted: Tue Jul 21, 2015 12:21 pm 

Joined: Wed Oct 16, 2013 9:03 pm
Posts: 44
Location: Chicago
Apologies—after re-reading the documentation, I have come to the conclusion that it is not possible to perform LDAP CA certificate installation through either GUI interface. The GUIs aren't my forte, as I mostly use the CLI for most configuration tasks. :ugeek:


Top
 Profile  
Reply with quote  
 Post subject: Re: Import corporate CA
PostPosted: Wed Jul 22, 2015 9:15 am 

Joined: Wed Mar 12, 2014 11:27 am
Posts: 25
Funny,
I'm trying to do something very similar here. We've created a CSR which was sent off to the CA for signing

createcert unified-server -csr -keysize 2048 -C XX -ST XXXX -L XXX -O XXX -OU XXX -CN hostname.fully.qualified

generated a nice pem file which we sent away.

So now I get back something to install but the manual says i need to run something akin to

importcert unified-server unified-server.pem file.pem

(the unified-server.pem part is somewhat guesswork based on the examples in the manual).

to install the pem file 'file.pem'

my question is how do i get it onto the 3par (via the SP?) and where should it go so I can refer to it?

thanks.
Ad


Top
 Profile  
Reply with quote  
 Post subject: Re: Import corporate CA
PostPosted: Thu Aug 27, 2015 3:29 am 

Joined: Tue May 05, 2015 10:56 am
Posts: 44
You need to the the 3par cli tool, not an SSH client (if you are using one) and then use pwd to see the current directory and cd to where the file is and just use the command stated.

You didnt have any errors with the generation of the certificate then, I am, I get errors when I try to create the certificate on our CA from the CSR.


Top
 Profile  
Reply with quote  
 Post subject: Re: Import corporate CA
PostPosted: Mon Jan 13, 2020 4:40 am 

Joined: Wed Sep 03, 2014 7:58 am
Posts: 9
adamdb wrote:
Funny,
I'm trying to do something very similar here. We've created a CSR which was sent off to the CA for signing

createcert unified-server -csr -keysize 2048 -C XX -ST XXXX -L XXX -O XXX -OU XXX -CN hostname.fully.qualified

generated a nice pem file which we sent away.

So now I get back something to install but the manual says i need to run something akin to

importcert unified-server unified-server.pem file.pem

(the unified-server.pem part is somewhat guesswork based on the examples in the manual).

to install the pem file 'file.pem'

my question is how do i get it onto the 3par (via the SP?) and where should it go so I can refer to it?

thanks.
Ad


Replying to a ancient post :)

In order for CLI to recognize the windows location, you should copy your .pem files into the directory where CLI is installed. In my case it's: C:\Program Files (x86)\Hewlett-Packard\HP 3PAR CLI\bin

A great step-by-step manual is found here: https://storcom.com/implementing-ca-cer ... imera-gui/


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 


Who is online

Users browsing this forum: Google [Bot] and 33 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group | DVGFX2 by: Matt