Closing Thoughts

How-Tos for VMware Solutions

Audience
Public
Source Type
Documentation

Overall the process is fairly straightforward. However, when creating either a self-signed or signed certificate, you must make sure the SAN entry for the IP Address matches the Common Name (this would be the IP address for either ETH0 or ETH1). There is some additional testing being done for both IPv6 and FQDNs being used as the common name and SAN, however, at this time we still recommend using IPv4 for the Common Name and SAN attribute. Keep in mind that any request to the VASA Provider will fail between the time that the certificates are imported and when the storage providers are re-registered. This is expected as the storage providers would be marked as offline since the certificates changed. Take this into account when planning to import a signed certificate.

If you have any questions, concerns, or feedback on the process either leave feedback on the KB or open a support case.

With the release of Purity 5.3, the FlashArray's VASA provider will support being registered with multiple non-linked vCenter Servers. This KB covers the process of importing both CA and OpenSSL Signed Certificates to the FlashArray using the purecert CLI command and registering these storage providers.