Importing the Quorum Witness client and server certificates

The Quorum Witness (QW) client certificate, Certificate Authority (CA) trust chain, and the Quorum Witness server root CA must be imported on each storage system.

Procedure
  1. On the HPE SSMC main menu, select Remote Copy Configurations under DATA PROTECTION.
  2. In the list pane, select the Peer Persistence or three data center Peer Persistence (3DC PP) configuration, and then select Actions > Manage Certificates.

    The Manage Quorum Witness Certificates screen opens.

Source system

  1. Import the Quorum Witness (QW) client certificate for the source system.
    1. Select the source system from the System drop-down list.
    2. Click Import QW Client Certificate.
    3. For the QW Client CA trust chain, browse to the predefined certificates directory and open the CA chain certificate .pem file.
    4. Verify that the CA trust chain file appears.
    5. For the QW Client Certificate, browse to the predefined certificates directory and open the FQDN certificate .pem file.
    6. Verify that the client certificate files appear.

      Screenshot QW client certificates

  2. Import the Quorum Witness server certificate for the source system.
    1. Click Import QW Server Certificate.
    2. Browse to the predefined certificates directory and open the QW server certificate.
    3. Verify that the certificate file appears.

      Screenshot QW server certificate

  3. To import all certificates, click Import.
  4. Select the check box to accept the implications, and then click Yes, import.

    The source client and server certificates appear under Existing Quorum Witness Certificates.

Target system

  1. Import the Quorum Witness client certificate for the target system.
    1. Select the target system from the System drop-down list.
    2. Click Import QW Client Certificate.
    3. For the QW Client CA trust chain, browse to the predefined certificates directory and open the CA chain certificate .pem file.
    4. Verify that the CA trust chain file appears.
    5. For the QW Client Certificate, browse to the predefined certificates directory and open the FQDN certificate .pem file.
    6. Verify that the client certificate files appear.
  2. Import the Quorum Witness server certificate for the target system.
    1. Click Import QW Server Certificate.
    2. Browse to the predefined certificates directory and open the QW server certificate.
      TIP:

      The QW server certificate might contain an intca type. This certificate is not required and does not need to be imported. Only the rootCA type is required.

    3. Verify that the QW server certificate file appears.
  3. To import all certificates, click Import.

    The source and target client and server certificates appear under Existing Quorum Witness Certificates.

    Screenshot Existing QW certificates

  4. Verify that you have three certificates for each storage system:
    • A self-signed rootCA for the qw-client

    • A CA-signed cert for the qw-client

    • A self-signed rootCA for the qw-server
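
The three-certificate expectation in step 4 can also be checked on the .pem files before they are imported. The following is an added example, not part of the HPE procedure or HPE tooling: it uses the openssl command line, assumes each CA file holds a single root certificate, and builds a constructed throwaway PKI (hypothetical names such as client-root.pem and array1.example.test) so that it runs offline.

```bash
#!/usr/bin/env bash
# Added example: pre-import sanity check for the three Quorum Witness PEM files.
# File names and the constructed test PKI are assumptions, not HPE tooling.

# Succeeds when the first certificate in $1 is self-signed:
# subject equals issuer and the signature verifies under its own key.
is_self_signed() {
  local subj iss
  subj=$(openssl x509 -in "$1" -noout -subject) || return 1
  iss=$(openssl x509 -in "$1" -noout -issuer) || return 1
  [ "${subj#subject=}" = "${iss#issuer=}" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# check_qw_set CLIENT_ROOT_CA CLIENT_CERT SERVER_ROOT_CA
# Prints one line per finding; returns non-zero if any check fails.
check_qw_set() {
  local rc=0
  is_self_signed "$1" || { echo "FAIL: qw-client rootCA is not self-signed"; rc=1; }
  is_self_signed "$3" || { echo "FAIL: qw-server rootCA is not self-signed"; rc=1; }
  if is_self_signed "$2"; then
    echo "FAIL: qw-client certificate is self-signed, expected CA-signed"; rc=1
  elif ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo "FAIL: qw-client certificate does not chain to the client rootCA"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: all three certificates look as expected"
  return "$rc"
}

# Build a throwaway, constructed PKI in directory $1 so the check runs offline.
make_constructed_pki() {
  local d=$1 n
  for n in client-root server-root; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed $n" \
      -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=array1.example.test" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/client.csr" -CA "$d/client-root.pem" \
    -CAkey "$d/client-root.key" -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_constructed_pki "$demo_dir" &&
  check_qw_set "$demo_dir/client-root.pem" "$demo_dir/client.pem" "$demo_dir/server-root.pem"
```

To check real files, call check_qw_set with the CA chain .pem, the FQDN certificate .pem, and the QW server rootCA file in that order; a file that bundles several certificates must be split first, because only its first certificate is inspected.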