8.1 Configuring certificates
Use the following information to guide you in configuring certificates for your special needs:
-
If you are using CA certificates, follow the instructions shown in 8.2 Generating a Certificate Authority certificate.
-
If you configured your global or regional (or both) NNMi management servers to use the application failover feature, there are some additional configuration steps. Merge the NNMi management servers' nnm.keystore and nnm.truststore files before completing the global network management configuration, as described in 8.3 Configuring application failover to use self-signed certificates.
-
If you must use a Certificate Authority, and you configured your global or regional (or both) NNMi management servers to use the application failover feature, there are some additional configuration steps. First, follow the instructions shown in 8.2 Generating a Certificate Authority certificate. Then, before completing the global network management configuration, merge the NNMi management servers' nnm.keystore and nnm.truststore files by following the instructions shown in 8.4 Configuring the application failover feature to use CA certificates.
-
If you configured your global or regional (or both) NNMi management servers to use High Availability (HA), create the self-signed certificate in the nnm.keystore and nnm.truststore files before completing the global network management configuration, as described in 8.5 Configuring a high availability cluster to use self-signed or Certificate Authority certificates.
-
After you have properly configured each HA or application failover cluster, enable the global network management feature by copying the nnm.truststore file from the active regional node to the active global node, and then merge the truststore. If the NNMi management servers use CA certificates generated using the procedure shown in 8.2 Generating a Certificate Authority certificate, then those CA certificates are the only certificates you must merge into the global truststore.
-
If you configured your NNMi management servers in a global network management configuration, and then later you decide to change the regional or global (or both) to be in an application failover cluster, follow the instructions shown in 8.3 Configuring application failover to use self-signed certificates. Use the commands shown in that section to configure your nnm.keystore and nnm.truststore files correctly, and then copy the modified nnm.truststore file to the global NNMi management server and merge it into its nnm.truststore file.
-
If you configured your NNMi management servers in a global network management configuration, and then later you decide to change the regional or global (or both) to use HA, follow the instructions shown in 8.5 Configuring a high availability cluster to use self-signed or Certificate Authority certificates.
-
Once directory service communications have been enabled, NNMi uses the LDAP protocol for retrieving data from a directory service. If the directory service requires an SSL connection, follow the instructions shown in 8.8 Configuring an SSL connection to the directory service.