No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

MM910 Management Module V100R001 User Guide 24

This document provides the product description, installation and configuration methods, and common operations of the E9000 server chassis management module MM910.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Replacing a Certificate File

Replacing a Certificate File

Scenarios

Replace the certificate file on the active MM910.

The SSL certificate sets up an SSL security channel over HTTPS between the client browser and the web server to implement data encryption transmission between the client and server, preventing information leakage. SSL ensures the security of data transmission and is used for verifying the website to be accessed.

NOTE:

For security purposes, replace the certificate file as required.

Prerequisites

Conditions

None.

Data

Certificate file

Procedure

  1. Log in to the WebUI of the active MM910.

    For details, see Logging In to the MM910 WebUI.

  2. Choose System Management > System Settings > SSL Certificate.

    A page similar to Figure 4-19 is displayed.

    Figure 4-19 SSL Certificate

  3. Import the SSL certificate.

    1. Determine the procedure to be performed.
      • To apply for and import the server certificate file, perform 3.b to 3.f.
      • To import a custom certificate file, perform 3.g to 3.j.
      NOTE:
      • Perform this operation only when an SSL certificate is available.
      • For security purpose, use a secure encryption algorithm (for example, RSA2048) to encrypt the certificate when generating the certificate.
    2. Choose the Server Certificate tab.
    3. In the Step 1: Generation CSR area, set the parameters for applying for a certificate, and click Generate.

      A CSR file corresponds to the server certificate applied from the CA organization. Do not generate a new CSR file until you import the server certificate. Otherwise, the original CSR file will be overwritten by the new CSR file and cannot be recovered. If a new CSR file is generated, you must use the new CSR file to apply for a new server certificate from the CA organization.

      Table 4-13 describes the parameters for customizing certificate information.

      Table 4-13 Parameters for customizing certificate information

      Parameter

      Description

      Country

      Country of the user.

      This parameter is mandatory. The value can contain only two letters.

      State/Province

      State or province of the user.

      The value can contain a maximum of 64 characters, including letters, digits, and spaces.

      City/Location

      City of the user.

      The value can contain a maximum of 64 characters, including letters, digits, and spaces.

      Organization name

      Company of the user.

      The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

      Organizational unit

      Department of the user.

      The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

      Common name

      Name of the user.

      This parameter is mandatory. The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    4. In the displayed dialog box, export the CSR file to the local PC as instructed.
    5. Send the CSR file to the SSL certificate issuer to apply for an SSL certificate.

      After obtaining the official SSL certificate, save it to the client.

    6. In the Step 2: Import Server Certificate area, click Browse, select the SSL certificate, and click Import.

      If "Succeed to import Certificate, the new Certificate will take effect after the next reboot!" is displayed, the certificate is imported successfully.

      NOTE:
      • The SSL certificate to be imported must be a .pem file with a maximum size of 10 KB.
      • The SSL certificate complies with the PKCS#10 standard.
      • After the certificate is imported, restart the MM910 for the certificate to take effect.
    7. Choose the Custom Certificate tab.
    8. Click Browse next to Certificate, and select the SSL certificate to be imported.
      NOTE:
      • The SSL certificate to be imported must be a .pfx or .p12 file with a maximum size of 10 KB.
      • The certificate must comply with the PKCS#12 standard.
    9. In the Certificate Password text box, enter a password if the certificate is protected by a password. Otherwise, the certificate cannot be uploaded.
    10. Click Import.

      If "Succeed to import Certificate, the new Certificate will take effect after the next reboot!" is displayed, the certificate is imported successfully.

    NOTE:

    After the certificate is imported, restart the MM910 for the certificate to take effect.

  4. Add the root certificate to the browser.

    NOTE:

    After importing an SSL certificate, check whether the root certificate of the issuer exists on the client browser.

    Internet Explorer is used as an example to describe how to check and add a root certificate.

    1. Open Internet Explorer.
    2. On the toolbar, choose Tools > Internet Options.

      The Internet Options dialog box is displayed.

    3. On the Content tab page, click Certificates.

      The Certificates dialog box is displayed.

    4. On the Trusted Root Certification Authorities tab page, check whether the SSL certificate issuer is listed.
      • If yes, go to 4.e.
      • If no, go to 4.f.
    5. Check whether the SSL certificate has expired.
      • If yes, go to 4.f.
      • If no, go to 4.g.
    6. On the Trusted Root Certification Authorities tab page, click Import.

      Import the root certificate as instructed.

    7. Open Internet Explorer again, and check whether the icon is displayed in the address bar.
      • If yes, no further action is required.
      • If no, contact Huawei technical support.

Translation
Download
Updated: 2019-04-10

Document ID: EDOC1000015900

Views: 69039

Downloads: 5169

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next