Unsolved
This post is more than 5 years old
6 Posts
0
5182
May 9th, 2016 13:00
Apply Certificate to Data Collector Manager
I'm trying to apply a certificate to the Data Collector Manager for Enterprise Manager 2015 R3. I create the correct files using a .PEM for the public and a .PFX for the private key.
I used OpenSSL to create the .pfx file with the below parameters:
openssl pkcs12 -export -out mylittlepfx.pfx -inkey key.pem -in cert.cer -name delldata
From what I read on an OpenSSL website is -name is creating the alias. But when I add all the correct files, password and alias. I receive an error:
Error registering certificate on Data Collector. Verify certificate and key are in a supported format.
No Events found!
RMills1
25 Posts
0
January 18th, 2017 08:00
I'm sorry to revive an old thread, but I'm trying to do the same thing and can't get it. I'm on Storage Manager 2016 R2 Virtual Appliance. I've tried the certs a few different ways, but it says der/pem for the public cert and pfx for the key (which is odd considering that pfx contains both public cert and key). I'm getting "An unexpected server error occurred". Anyone out there have any luck with this?
RMills1
25 Posts
0
January 18th, 2017 09:00
After some more trying, it goes worse. I managed to get it to say it successfully imported my certificate, and it was supposed to auto restart...but it didn't. So I manually restarted the VA, but the certificate didn't apply. On top of that, now I after a restart, it takes 3 minutes after the web UI comes up before I can log in. I think I'm going to give up. :(
RMills1
25 Posts
1
January 18th, 2017 09:00
Well...now it's even weirder. After I restarted the VA, I gave the cert one more try. Used the local admin account, and it worked.
Here's the rough steps I did (you might want to reboot before doing the import in DSM):
1. Used IIS to create some domain certs (google it). This requires you have an internal Windows Certificate Authority properly configured, but you could also get the cert any other way you normally do.
2. Exported it to pfx. (You can then use openssl to turn it into what you need, but we'll do it the GUI way.)
3. Run the pfx on your local computer and import it into your (current user) profile.
4. Run certmgr.msc
5. Find the cert under Personal | Certificates
6. Export it without private key to Base-64 format
7. Download Portecle from portecle.sourceforge.net
8. Open the pfx with Portecle
9. Copy the Alias of the key (right click and rename to be able to copy it)
10. Log into DSM with the local admin account
11. Choose the .cer (Base-64) file for the first cert selection
12. Choose the .pfx for the second cert selection
13. Paste the alias into the alias box
14. Enter the password
15. Success!
Alex Reno
6 Posts
0
January 18th, 2017 12:00
Here's what worked for me if you have a certificate authority server:
In OpenSSL from cmd prompt
openssl genrsa -out dsmkey.pem 2048
openssl req -key dsmkey.pem -new -out dsmcsr.req
On the CAS
certreq -submit -attrib “Certificate Template:WebServer” "C:\Program Files\OpenSSL-Win64\bin\dsmcsr.req"
named file cert.pem
In OpenSSL from cmd prompt
openssl pkcs12 -export -inkey "C:\Program Files\OpenSSL-Win64\bin\dsmkey.pem" -in cert.pem -out C:\Users\user\Desktop\dsmkey.pkcs12 -name "DSM"
Copied Files to Server
Cert.pem
Dsmkey.pkcs12
JCormie
2 Posts
0
July 3rd, 2019 09:00
For some odd reason, this only seems to works if the pkcs12 file has an extension of .p12