{}

Our Brands

Search FAQs

CA certificate must be imported to PowerChute Network Shutdown keystore to connect to VxRail Manager from version 7.0.320 when “Accept Untrusted SSL Certificates” is disabled

Issue:
Certificate Authority (CA) certificate must be imported to the PowerChute Network Shutdown keystore to connect to VxRail Manager from version 7.0.320 when “Accept Untrusted SSL Certificates” is disabled.

Products:
PowerChute Network Shutdown v4.5

Environment:
PowerChute Network Shutdown configured with Dell VxRail support, “Accept Untrusted SSL Certificates” is disabled in VxRail settings.

Cause:
From version 7.0.320, VxRail Manager no longer uses a self-signed server certificate. The VxRail Manager server certificate is now signed by a CA and the CA certificate must be imported to the PowerChute-keystore if the “Accept Untrusted SSL Certificates” option in the Web UI is disabled. This is to prevent a connection error when the NMC attempts to send the cluster shutdown API call.

Solution:

Step 1: Retrieve the CA certificate:
  1. Open VxRail Manager in a web browser: https://<vxrail_manager_ip_address>/rest/vxm/api-doc.html
  2. View the certificate details and click the Certification Path tab.
  3. Click the CA certificate and click View Certificate.
  4. Click the Details tab and click Copy to File…
  5. Save the certificate as a Base-64 Encoded .cer file.


Step 2: Transfer the CA certificate file to the PowerChute virtual appliance via SCP: scp vxrail_ca.cer root@<virtual_appliance_ip_address>:vxrail_ca.cer or using a tool such as WinSCP.


Step 3: Before you can import the certificate, you must change the PowerChute-keystore password:
  1. Open the PowerChute configuration file (pcnsconfig.ini), found at opt/APC/PowerChute/group1
  2. In the section [NetworkManagementCard], add the line "PowerChuteKeystorePassword = <new_password>".
  3. Save the pcnsconfig.ini file.
  4. Re-start the PowerChute service: systemctl stop PowerChute / systemctl start PowerChute

Step 4: Navigate to the opt/APC/PowerChute/group1 directory in the command line and import the CA certificate to the PowerChute-keystore using the command: ../jre_x64/bin/keytool -importcert -alias vxrail -keystore PowerChute-keystore -storepass <keystore password> -file <vxrail_manager_.cer_file>
NOTE: The alias must be set as “vxrail” or the PowerChute-keystore will not accept the certificate.

Step 5: Re-start the PowerChute service.

APC United Arab Emirates

Explore more
Range:
PowerChute Network Shutdown
Explore more
Range:
PowerChute Network Shutdown
Users group

Discuss this topic with experts

Visit our Community for first-hand insights from experts and peers on this topic and more.