Users Guide
Figure 8. Internet Explorer certificate error page
Application server certificate management
To resolve the self-signed certificate errors with latest browsers, you must have the application server
certificate signed by a trusted Certification Authority (CA). During the installation of the MD vCenter Plug-
in, an SSL certificate was generated for the application server along with a certificate signing request
(CSR) that is specific to that application server. A trusted CA must sign the CSR and then reimported into
the Java keystore to implement a fully trusted certificate chain. The following steps describe the process
of importing the application server certificate after it is signed by a trusted CA.
NOTE: The CSR is typically located on the application server host directory C:\Program Files\MD
Storage Manager\ MD Storage Manager Plug-in for VMware vCenter\jetty
\working
. The file is named <host_name>.csr. After the CSR has been signed by a trusted CA, copy
the signed certificate and the CA certificate to the same directory.
Import signed application server certificate
On the application server host system, start a command line interface (CLI) or terminal.
1. Change directory to C:\Program Files\Dell\MD Storage Manager Plug-in for VMware
vCenter\jetty\working directory
It is assumed that both the signed certificate and the CA certificate are copied to the working
directory.
2. Import the CA certificate into the Java keystore (if not already in trustedcacerts keystore) by running
the following at the command line interface (CLI): ..\..\jre\bin\keytool -import -
trustcacerts -alias root -file <ca_cert> -keystore keystore -storepass
changeit
3. Import the signed application server certificate into the Java keystore with the following at the
CLI: ..\..\jre\bin\keytool -import -trustcacerts -alias jetty -file
<signed_cert> -keystore keystore -storepass changeit
4. Restart the MD Storage Manager Application Server (vCP) service and allow a minute or two for the
service to initialize.
19