Security certificates in SSMC

SSMC uses several certificates both for the purpose of proving its identity to external systems that it interfaces with (Identity certificates) and for trusting external systems that it connects with (trust certificates).

Server identity certificates

  • SSMC web server certificate: Helps to establish SSMC web server identity to connecting client processes (browsers). By default, SSMC uses a self-signed certificate, which causes security warnings in the browser. Replacing the SSMC self-signed certificate with a CA-signed certificate eliminates the browser warnings.

  • Two-factor authentication certificate: Used in environments with two-factor authentication only. Allows SSMC to prove its identity to the storage array, where the array and SSMC mutually authenticate and trusts each other by exchanging certificates.

Trust certificates

  • Array certificates: SSMC uses this certificate (or certificate chain) to identify and trust 3PAR arrays that it connects with and manages. Each 3PAR array has its own certificate (or certificate chain) that is managed separately. However, if the array certificates have a common CA certificate chain, you can import the certificate chain into SSMC one time for all arrays.

  • RMC certificate: SSMC uses this certificate (or certificate chain) to identify and trust RMC instance that it connects with. This certificate is accepted and imported into SSMC while configuring RMC from SSMC GUI.

  • InfoSight certificate: SSMC uses this certificate (or certificate chain) to identify and trust InfoSight web API that it connects with. This certificate is accepted and imported into SSMC while configuring HPE InfoSight from SSMC GUI.

  • Remote syslog server certificate: SSMC uses this certificate (or certificate chain) to identify and trust the remote syslog server that it connects with. This certificate is accepted and imported into SSMC while configuring remote syslog. For more information on configuring remote syslog server, refer Configuring remote syslog auditing in SSMC.

  • SMTP certificates: SSMC uses this certificate to trust TLS connections with SMTP server that you configure in SSMC. This certificate is used to send email alerts and notifications.

  • Service Processor Certificates: SSMC uses this certificate to trust TLS connections with Service Processor Instances that are configured in SSMC.

  • OIU Certificates: SSMC uses this certificate to trust and connect with remote arrays of other makes and models, which are supported for online imports.