Deploying ECA using the GUI
You can perform all external certificates related operations from the > > tab.
Upload certificate
View certificate request
Generate certificate request
To deploy ECA using the GUI
- Go to the Settings > Security Management > Certificates tab.
- Click Generate certificate request and fill out the form. The SAN field is filled with default SAN entries that are mandatory for the configuration. For standard default configuration, it has the FQDN entries for all the storage servers, NetBackup primary FQDN, console IP and API gateway FQDN.
- Click Generate to generate a certificate request.
The CSR is used to generate certificate. This certificate along with the CA bundle (Root CA + Intermediate CA) should be uploaded on the upload page.
- Click Copy to copy the certificate request. This has to be given to a CA signing authority who uses this to generate a certificate. CA signing authority will provide a certificate along with the root certificate and intermediate certificate used to generate the certificate. Authority may also provide a CRL file.
- Go to Certificates > Upload certificate to upload the certificate artifacts. For a fresh deployment, both the certificate and CA certificate bundle are mandatory. CRL is optional. For renewal, any one of the three are required.
Both the certificate and CA bundle must be a .PEM file. The CA bundle .PEM file should contain entries for all the CA certificates from root to intermediate till the immediate parent of the leaf certificate.
- After the certificate is uploaded, Save gets enabled. Click Save. The deployment is initiated.
After deployment is successfully completed for all components, the GUI restarts with the uploaded external certificate.
You can verify the browser certificate from the GUI to verify that it is the same one that was used during deployment.