Generating a CSR for the Quorum Witness client on each storage system
The Peer Persistence or three data center Peer Persistence (3DC PP) configuration that will use Quorum Witness (QW)
A Certificate Authority tool
Access to HPE SSMC
- On the HPE SSMC main menu, select Remote Copy Configurations under DATA PROTECTION.
-
In the list pane, select the
Peer Persistence
Remote Copy configuration, and then select
Actions > Manage Certificates.
The Manage Quorum Witness Certificates screen opens.
Source system
-
Generate a certificate signing request (CSR) for the source system.
- Under Certificate Management, select the source system from the System drop-down list.
- Click the Generate CSR radio button.
- Click
Generate CSR.
The Set CSR Details screen appears.
- Enter the source system information and location.
Common Name: The FQDN of the source system
DNS: The name of the source system as it is known in DNS
IP: The IP address of the source system
- Click OK.
- On the
Certificate Management screen, click
Save.
The CSR is downloaded to your local download directory.
- Move the file to the predefined
\csrs
directory.For example,C:\qw-secure\csrs
.
Target system
-
Generate a CSR for the target system from the
Manage Quorum Witness Certificates screen.
- Select the target system from the System drop-down list.
- Click the Generate CSR radio button.
- Click Generate CSR.
- Enter the target system information and location on the details screen.
Common Name: The FQDN of the target system
DNS: The name of the target system as it is known in DNS
IP: The IP address of the target system
- Click OK.
- On the
Certificate Management screen, click
Save.
The CSR is downloaded to your local download directory.
- Move the file to the predefined
\csrs
directory.
Certificate Authority tool
- Access the CA tool.
- Request a CA-signed certificate for each storage system using the copied CSR files you generated.
-
When you receive the CA-signed certificates:
- Make sure that the certificates are compliant to X.509 certificate format and PEM encoding.
- Move the certificates to your predefined CA-signed certificates folder.
For example,
C:\qw-secure\certs
.