Cannot manage a storage device due to an invalid SSL/TSL certificate

Each device has a self-signed SSL certificate that Lenovo XClarity Administrator uses to communicate with the device through HTTPS. This certificate has a common name (CN) that identifies the host name (or IP address) that is associated with the certificate. The common name represents the name that is protected by the SSL certificate, and the certificate is valid only if the request hostname matches the certificate common name. Therefore, if the IP address of the storage array is changed, the existing certificate becomes invalid, and XClarity Administrator cannot manage it due to an invalid SSL/TSL certificate.

To resolve this issue:

• Ensure that the IP address in the CN value of the certificate that sent from the DE storage device is in IPv4 format.

• Ensure that the existing SSL/TSL certificate is valid

  • For Lenovo ThinkSystem DE storage arrays, reset the management certificate on the storage array to the factory self-signed certificate. For more information, see Reset management certificates in the ThinkSystem Storage DE Series online documentation

  • For Lenovo ThinkSystem DS storage arrays, restart the management controllers in the storage device using the management web interface or CLI to regenerate the certificate with the correct CN using the new IP address or hostname.