Issue:
A Certificate Authority (CA) certificate must be imported to the PowerChute Network Shutdown keystore to connect to VxRail Manager version 7.0.320 and later when “Accept Untrusted SSL Certificates” is disabled.
Products:
PowerChute Network Shutdown v4.5
Environment:
PowerChute Network Shutdown configured with Dell VxRail support, “Accept Untrusted SSL Certificates” is disabled in VxRail settings.
Cause:
From version 7.0.320, VxRail Manager no longer uses a self-signed certificate. A CA now signs the VxRail Manager server certificate, and the CA certificate must be imported to the PowerChute-keystore if the “Accept Untrusted SSL Certificates” option in the Web UI is disabled. This is to prevent a connection error when the NMC attempts to send the cluster shutdown API call.
Solution:
Step 1: Retrieve the CA certificate:
- Open VxRail Manager in a web browser: https://<vxrail_manager_ip_address>/rest/vxm/api-doc.html
- View the certificate details and click the Certification Path tab.
- Click the CA certificate and click View Certificate.
- Click the Details tab and click Copy to File…
- Save the certificate as a Base-64 Encoded .cer file.
Step 2: Transfer the CA certificate file to the PowerChute virtual appliance via SCP, or using a tool such as WinSCP: scp vxrail_ca.cer "root@virtual_appliance_ip_address:vxrail_ca.cer"
Step 3: Before you can import the certificate, you must change the PowerChute-keystore password:
- Open the PowerChute configuration file (pcnsconfig.ini), found at opt/APC/PowerChute/group1
- In the section [NetworkManagementCard], add the line "PowerChuteKeystorePassword = <new_password>".
- Save the pcnsconfig.ini file.
- Re-start the PowerChute service: systemctl stop PowerChute, then systemctl start PowerChute
Step 4: Navigate to the opt/APC/PowerChute/group1 directory in the command line and import the CA certificate to the PowerChute-keystore using the command: ../jre_x64/bin/keytool -importcert -alias vxrail -keystore PowerChute-keystore -storepass <keystore password> -file <vxrail_manager_.cer_file>
NOTE: The alias must be set as “vxrail” or the PowerChute-keystore will not accept the certificate.
Step 5: Re-start the PowerChute service.
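The script below is an added example, not part of the original article or of PowerChute. It checks that the file saved in Step 1 is a single Base-64 encoded certificate, then performs the Step 4 import without putting the keystore password on the command line. The function names and the PCNS_KS_PASS variable are assumptions made for this example; -storepass:env is keytool's standard modifier for reading the password from an environment variable.

```sh
#!/bin/sh
# Added example. Run from the PowerChute group1 directory (Step 4).
# PCNS_KS_PASS is an assumed variable name holding the keystore password
# set in Step 3; keytool reads it via -storepass:env so the password does
# not appear in the process list or shell history.

KEYTOOL="${KEYTOOL:-../jre_x64/bin/keytool}"
KEYSTORE="${KEYSTORE:-PowerChute-keystore}"

# Return 0 only if $1 is a Base-64 (PEM) file holding exactly one certificate.
check_ca_file() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -e '^-----END CERTIFICATE-----' "$1" || true)
    if [ "$begins" -eq 0 ]; then
        echo "$1 is not Base-64 encoded (DER export?); re-export it" >&2
        return 1
    fi
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "$1 must contain exactly one certificate" >&2
        return 1
    fi
}

# Import the CA certificate under the alias the article requires ("vxrail").
import_vxrail_ca() {
    check_ca_file "$1" || return 1
    [ -n "${PCNS_KS_PASS:-}" ] || { echo "export PCNS_KS_PASS first" >&2; return 1; }
    export PCNS_KS_PASS
    # No -noprompt: keytool shows the fingerprints and asks for confirmation.
    # Compare them with the CA certificate shown in the browser in Step 1.
    "$KEYTOOL" -importcert -alias vxrail -keystore "$KEYSTORE" \
        -storepass:env PCNS_KS_PASS -file "$1" || return 1
    # Confirm the entry exists and is a trusted certificate entry.
    "$KEYTOOL" -list -alias vxrail -keystore "$KEYSTORE" \
        -storepass:env PCNS_KS_PASS | grep -q trustedCertEntry
}

# Run only when a certificate file is given, e.g.: sh import_ca.sh vxrail_ca.cer
[ "$#" -eq 0 ] || import_vxrail_ca "$1"
```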