The workflows for managing certificates expiration will differ on two points, whether the FlashArray is running Purity 5.3.0+ or whether the Certificate is about to expire or has expired. Additionally, the workflow can differ if the FlashArray is on Purity 5.3.0+ and a custom certificate has been imported to VASA via purecert on the CLI.
For more information about importing custom CA signed certificates and managing the FlashArray VASA certificates with purecert cli see the following KBs:
- Web Guide: Managing the VASA Certificates with purecert via the CLI
- Generating and Importing the Certificate
In the event that the storage provider certificate is about to expire, then the certificate just needs to be renewed and/or refreshed. If the storage provider certificate has expired, then the storage providers will have to be removed, the VASA certificate will need to be deleted, a default VASA certificate will need to be created/imported and then the storage providers will need to be re-registered.
The workflows for these events is outlined in the next 2 sections.