2 hp 3par storeserv storage certificate – HP 3PAR Application Software Suite for VMware User Manual
Page 19
2 HP 3PAR StoreServ Storage certificate
HP 3PAR StoreServ Storage enables management of SSL certificate, and enforces certificate
validation by the host and client applications to establish a secure connection.
HP 3PAR CLI and HP 3PAR OS versions 2.3.1 MU5 P35, 3.1.1 MU3 P27, 3.1.2 MU3 P16, or
later, supports a self-signed 2048-bit RSA SSL certificate for HP 3PAR StoreServ Storage. You must
upgrade to one of these versions to enforce certificate validation. To use the SSL certificate, you
must upgrade to one of the HP 3PAR CLI and HP 3PAR OS versions that supports SSL certificate.
When the RMV web service receives a request, such as, a login request to connect to an HP 3PAR
StoreServ, it establishes a connection with the HP 3PAR StoreServ on behalf of the client. Before
establishing the connection, the RMV web service checks if a server certificate is available in the
RMV database for the HP 3PAR StoreServ. If a certificate is available, then the RMV web service
retrieves the saved certificate, and sends a connection request to HP 3PAR StoreServ with the
certificate details. If the HP 3PAR StoreServ certificate is the same as the one specified in the request,
and if there are no other connection issues, then a connection is successfully established.
However, if there are no saved certificates in the RMV database, then the RMV web service sends
a connect request to HP 3PAR StoreServ without the server certificate. If HP 3PAR StoreServ has a
CA (Certificate Authority) signed certificate installed on the server, then a connection is successfully
established. However, if the connection fails due to SSL certificate issue, then the RMV web service
passes the server certificate to RMV. This certificate is also displayed in the GUI. You must verify
the certificate and respond to the server by accepting or rejecting the certificate. If you reject the
certificate, then the connection process stops with an invalid server certificate error message. Else,
the RMV web service re-sends a connect request using the certificate accepted by you. If there are
no other connection issues, then the connection is successfully established. You can also save this
accepted certificate in the RMV server database. If the server certificate is not changed and is not
expired, then the connection is directly established, without any verification, when you login the
next time.
19