When a storage system is communicating with an external device, you are advised to use the certificate verification mode to improve service security. It is recommended that you replace the default security certificate with a certificate applied from an official authority and replace the certificate that has expired or is about to expire in a timely manner. This operation enables you to import and activate a certificate.
Context
Only super administrators and security administrators can import and activate certificates.
When updating the security certificate of an internal service, wait until the certificate update is complete (the system reports a log indicating whether the certificate update is successful or failed) and then update the certificate in other scenarios.
Procedure
- Choose Settings > Certificate > Certificate Management.
- Select the desired certificate and click Import and Activate.
The prompt messages for importing and activating certificates vary with scenarios. This online help uses importing and activating HyperMetro arbitration certificates as an example.
- Set Certificate File, CA Certificate File, and Private Key File as required.
Only plaintext private keys are supported.
- Click OK.
- After you import and activate a certificate in one scenario, choose Monitor > Alarms and Events > Events. Wait until certificate import success, certificate activation success, and certificate update success events are displayed in sequence, and then import and activate the certificate in the next scenario. Before a certificate is updated, related service operations may fail. Try again after the certificate is updated.
- HA-related alarms may be generated during the update of Internal system service security certificate. The alarms will be automatically cleared after the certificate is updated.