Create a FlashArray certificate and construct a CSR

Before enabling RDL on the FlashArray, the array and the CryptoHub must establish a mutual trust relationship by validating their respective digitally signed certificates. Notes about certificates:

Certificates used on the FlashArray must be PEM-formatted (Base64-encoded).
Intermediary certificates are not supported for use with KMIP.
Using the Purity internal management certificate for KMIP configuration is not supported.

In the following sections, we will use the FlashArray Command Line Interface (CLI) to generate a FlashArray certificate and construct a Certificate Signing Request (CSR).

Generate a FlashArray certificate

Perform the following steps to generate a FlashArray certificate:

Use the following purecert create CLI command to create a self-signed certificate:

Shell

pureuser@purefa-ct0:# purecert create cert_1 --self-signed --common-name purefa

Display the certificate by using the following purecert list command: (Copy the displayed certificate for use in a later step.)

Shell

pureuser@purefa-ct0:# purecert list cert_1 --certificate

Construct a Certificate Signing Request (CSR)

Perform the following steps to construct a CSR:

Use the following purecert construct command to construct a CSR:

Shell

pureuser@purefa-ct0:# purecert construct cert_1 --certificate-signing-request

Copy the CSR that is displayed in the terminal and paste it into a file editor. Save the file with either the .pem or .csr extension. Then, move the file via SFTP or other means to the external storage device configured on the CryptoHub.

⌘I

​Generate a FlashArray certificate

​Construct a Certificate Signing Request (CSR)

Generate a FlashArray certificate

Construct a Certificate Signing Request (CSR)