Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Can I Import the Windows AD Domain Server's CA Certificate to the Storage System?
When you set domain authentication for a storage system, you must import the CA certificate of the AD domain server to the storage system before selecting LDAPS.
Prerequisites
The web service has been enabled for the Windows AD domain server.
Procedure
- Access http://localhost/certsrv/ on the Internet Explorer.
- Click Download a CA certificate, certificate chain, or CRL.
- Select the CA certificate you want to export, set the encoding mode to DER, and click Download CA certificate.
- Click Save to save the CA certificate to a specified directory.
- Convert the CA certificate format.
The exported CA certificate uses the default format of Windows. You must convert it to the pem format before importing it to the storage system.
To convert the format, copy the CA certificate to a Linux server and run the openssl x509 -in ./XXX.cer -inform DER -out YYY.pem -outform PEM command in the directory where the CA certificate is saved.
In the preceding command, XXX represents the name of the CA certificate before conversion, and YYY represents the name after conversion.
- After the CA certificate is converted, import it to the storage system.
- Log in to DeviceManager.
- Choose Settings > Certificate Management.
- Select a scenario, and import and activate the CA certificate.
