Installing SSL certificates on 3PAR Service Processor 5.x

3PAR Service Processor 5.x

In our previous post we went through the process of installing SSL Certificates on 3PAR Service Processor version 4.4.x. In this article we will tackle the same steps on the newer version of Service Processor 5.x which is slightly different than the previous one. In short, we will create a new certificate file, have it signed by our Certificate Authority, combine with the root (and eventually issuing authority) and install it on the Service Processor.

A user guide of HPE 3PAR Service Processor 5.x can be found here. At the time of writing I’m using Service Processor version

Creating a Certificate File Request (.CFR)

  1. Navigate to your Service Processor web application and log in with your admin account.
  2. Go to 3PAR Service Console and click on Settings
  3. Next to Application click on Edit
  4. Click on Certificate Signing Request
    SP Certificate Signing Request
  5. Fill in the required information about your Service Processor appliance
    SP Certificate Signing Request information
  6. Make sure to add extra SAN’s (Subject Alternate Names) so that your browser doesn’t flag the certificate as invalid. In my case I added the following:
  7. Scroll down and click on Generate
  8. Copy the generated text, save it in a file and have it signed by your Certificate Authority. I usually save these kind of files as storcomsp_certrequest.csr
    SP Certificate Signing Request content

Importing Service Processor SSL Certificates

  1. Once your certificate request is signed, you will receive it back as .cer file.
  2. Next step is to have a combined certificate which contains the whole certificate chain. Assuming you already have the Root and the Intermediate (if available) Certificate.
  3. Open the signed SP certificate with a text editor and copy the content of the Intermediate and the root certificate.
  4. Basically your combined certificate file will look like this
    <SP Signed certificate>
    -----END CERTIFICATE-----
    <CA Intermediate certificate>
    -----END CERTIFICATE-----
    <CA Root certificate>
    -----END CERTIFICATE-----
  5. Save the .cer file.
  6. Go back to Service Processor Console, click on Settings > Application and hit Edit.
  7. Click on Import Certificate to start importing the CA signed file.
    SP SSL Certificate import
  8. Copy the content of the combined .cer file (remember you saved it in step 5.)
  9. Paste the copied text to the Import window and hit Import.
  10. OK to start rebooting the Service Processor

After completing these steps your 3PAR service processor will reboot. It might take a couple of minutes before your console will be available. If everything went well your new certificate will be effective.

Any suggestion or question? Leave a reply below, or feel free to contact us. Make sure to subscribe to our mailing list to get the latest.

Share Article on:


3 Responses

  1. service processor connection status failed.

    Lost SP connectivity with the StoreServ.
    Description: Certificate acceptance needed
    Resolution:Verify the StoreServ is active on the network. If it is, then remove the StoreServ from the SP and reconnect using appropriate credentials.

    I did recently update the certificate on the 3par. Nowhere do I see a screen to accept the certificate.

    I have restarted the SP, the connection test fails.

    Any ideas?

    1. Had the same issue recently. Make sure to remove the disconnected 3par array from its SP then reconnect again, this way the new 3par cert will be applied / accepted.

Leave a Reply

Your email address will not be published. Required fields are marked *