Perform the following steps in the CryptoHub web UI.

Sign the FlashArray CSR with a CryptoHub CA created during Endpoint deployment

Go to the PKI and CA > Certificate Management menu.

Expand the Client App TLS CA until you see the Pure Storage FlashArray certificate.

Right-click the CryptoHub CA certificate that issued the Pure Storage FlashArray certificate and select Add Certificate > From Request.

In the Subject DN tab, set the Common Name to the Application Name you noted above.

Leave set all default values in the Basic Info tab.

In the V3 Extensions tab, select the TLS Client Certificate Profile and select [ OK ].

Export the FlashArray and CA certificate

Right-click the FlashArray certificate you just issued and select Export > Certificate(s).

Change the Encoding to PEM and select [ Browse ].

Choose a filename for web transfer and select [ OK ].

Select [ OK ]. You should see a message stating the certificate was successfully written. Select [ OK ].

Download the PEM certificate file when prompted to by your browser.

Repeat steps 1-5 to export the CryptoHub CA certificate.

In the next section, we will configure the FlashArray certificate and CA certificate using the FlashArray CLI.

⌘I