[PowerStore]証明書

Netherland Dwarf rabbitさん

①それぞれの証明書のデフォルトの有効期限
→ pstcli -u admin -p -d x509_certificate -id <確認したいCertのID＞ show
で可能です。

例＞$ pstcli -u xx -p xx -d xxx x509_certificate -id xxxxxxxxxxxxx show
id = xxxxxxxxxxxxx
type = Server
type_l10n = Server
service = Management_HTTP
service_l10n = Management_HTTP
scope = External
is_current = yes
is_valid = yes
members:
subject = C=US+O=Dell+L=xx+OU=PowerStore+ST=xx+CN=ManagementHTTP.xxxxx
fb2
serial_number = xxxx
signature_algorithm = SHA256withRSA
issuer = CN=Dell EMC PowerStore CA P8J7ZXF6,O=Dell EMC,ST=MA,C=US
valid_from = 01/11/2023 04:43:37 PM
valid_to = 01/10/2028 04:43:37 PM
public_key_algorithm = RSA
key_length = 4096
thumbprint_algorithm = SHA-256
thumbprint_algorithm_l10n = SHA-256
以後省略

またPowerStore Managerでも確認可能です。
Settings →CertificatesにてそれぞれのCertificateをクリック

②有効期限が切れた時の影響

→エラーとなります。後述KBを確認するとアクセスができないといった事態にはならないようです。

参考：Dell EMC Knowledge Article 000190463 : Power Store: How to deal with expired Management Server/Signing CA certificate 

Proceeding without renewing and without re-importing the certificate.
Browser behavior – When the user sees the warning that the date on the certificate is invalid (NET::ERR_CERT_DATE_INVALID), the user can ignore this warning and proceed
PowerStore CLI behavior - No error/warning thrown while executing the command using Powerstore CLI
REST API using cURL – If “-k” flag (execute insecurely) flag is not passed user gets back the SSL error (error code 60) saying that the date on the certificate is invalid. To overcome this the user can execute the cURL command by passing in the “-k” flag.
REST API using Postman – No error/warning thrown.

③有効期限の更新方法　　
→後述資料のThird-party Certificate Authority signed server certificate renewal（Page26 ）
Third-party Certificate Authority signed server certificate CA certificate renewal　にて更新してください。

参考：Dell EMC PowerStore Security Configuration Guide

Page 26