Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/Consolidated Management 2/Network Node Manager i Setup Guide


8.4 Configuring the application failover feature to use CA certificates

Figure 8‒2: Using CA certificates with application failover

[Figure]

When configuring the application failover feature, you must merge the contents of both nodes' nnm.keystore files and nnm.truststore files into a single nnm.keystore file and a single nnm.truststore file, respectively. Complete the following steps to configure the application failover feature to use CA certificates based on the above diagram.

If you are using CA certificates with NNMi together with the application failover feature and do not complete the following steps, NNMi processes will not start correctly on the standby NNMi management server (Server Y in this example).

Follow the instructions shown in 8.2 Generating a Certificate Authority certificate for Server Y.

  1. Change to the following directory on Server Y before completing step 2:

    • Windows: %NNM_DATA%\shared\nnm\certificates

    • UNIX: $NNM_DATA/shared/nnm/certificates

  2. Copy the nnm.keystore and nnm.truststore files from Server Y to some temporary location on Server X.

    The remaining steps refer to these file locations as keystore and truststore.

  3. Execute the following command on Server X to merge Server Y's certificates into Server X's nnm.keystore and nnm.truststore files:

    Windows and UNIX:

    nnmcertmerge.ovpl -keystore keystore -truststore truststore

  4. Copy the merged nnm.keystore and nnm.truststore files from Server X to Server Y, so that both nodes have the merged files.

    The location of these files is as follows:

    • Windows: %NNM_DATA%\shared\nnm\certificates

    • UNIX: $NNM_DATA/shared/nnm/certificates

  5. Execute the command shown below on both Server X and Server Y.

    Verify that the displayed results from both servers, including the fully qualified domain name, match. If they do not match, do not continue; instead, redo steps 1 through 5.

    Windows:

    %NnmInstallDir%\nonOV\jdk\nnm\bin\keytool.exe \
    -list -keystore \
    %NnmDataDir%\shared\nnm\certificates\nnm.keystore \
    -storepass nnmkeypass

    UNIX:

    $NnmInstallDir/nonOV/jdk/nnm/bin/keytool \
    -list -keystore \
    $NnmDataDir/shared/nnm/certificates/nnm.keystore \
    -storepass nnmkeypass

    Legend:

    A backslash (\) at the end of a line specifies that the line continues.

  6. Execute the command shown below on both Server X and Server Y.

    Verify that the displayed results from both servers, including the fully qualified domain name, match. If they do not match, do not continue; instead, redo steps 1 through 6.

    Windows:

    %NnmInstallDir%\nonOV\jdk\nnm\bin\keytool.exe \
    -list -keystore \
    %NnmDataDir%\shared\nnm\certificates\nnm.truststore \
    -storepass ovpass

    UNIX:

    $NnmInstallDir/nonOV/jdk/nnm/bin/keytool \
    -list -keystore \
    $NnmDataDir/shared/nnm/certificates/nnm.truststore \
    -storepass ovpass

    Legend:

    A backslash (\) at the end of a line specifies that the line continues.

  7. Continue configuring the application failover feature at step 6 in 16.3 Configuring NNMi for application failover.

    Reference note

    Although you manually completed step 4, after you start the application failover feature, NNMi automatically replicates the merged keystore and truststore information from Server X to Server Y.
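
Steps 5 and 6 rely on comparing the keytool -list output from Server X and Server Y by eye. The script below is an added example, not part of this manual or of NNMi: it compares two saved listings by alias, entry type and fingerprint, ignoring entry order and dates. It assumes the two-line entry format that keytool -list prints; the file names, hostnames and fingerprints are constructed.

```shell
#!/bin/sh
# Added example, not from the manual: compare `keytool -list` output saved
# on Server X and Server Y (steps 5 and 6) instead of comparing by eye.

# Reduce a listing to sorted "alias type fingerprint" lines. Header lines,
# entry dates and entry order are dropped, since they can differ between
# hosts even when both stores hold the same certificates.
summarize_listing() {
    awk '
        { sub(/\r$/, "") }            # tolerate output captured on Windows
        /Entry, *$/ {                 # "alias, date, PrivateKeyEntry,"
            alias = $0; sub(/,.*/, "", alias)
            kind = $0; sub(/, *$/, "", kind); sub(/.*, */, "", kind); next
        }
        /^Certificate fingerprint/ && alias != "" {
            fp = $0; sub(/^[^:]*: */, "", fp)
            print alias, kind, toupper(fp); alias = ""
        }' "$1" | sort
}

# Returns 0 if both listings hold the same entries, 1 if they differ (diff
# is printed: "<" first file, ">" second), 2 if a listing has no entries.
compare_listings() {
    tmp=$(mktemp -d) || return 2
    summarize_listing "$1" > "$tmp/a"; summarize_listing "$2" > "$tmp/b"
    cmp_rc=0
    if [ ! -s "$tmp/a" ] || [ ! -s "$tmp/b" ]; then cmp_rc=2
    else diff "$tmp/a" "$tmp/b" || cmp_rc=1
    fi
    rm -rf "$tmp"; return "$cmp_rc"
}

# Constructed sample listings; hostnames and fingerprints are made up.
# Server Y still has its pre-merge store, so Server X's entry is missing.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/x.txt" <<'EOF'
Your keystore contains 2 entries
serverx.example.com, Jan 5, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44
servery.example.com, Jan 5, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): A0:B1:C2:D3:E4:F5:06:17:28:39:4A:5B:6C:7D:8E:9F:A0:B1:C2:D3
EOF
cat > "$SAMPLE/y.txt" <<'EOF'
Your keystore contains 1 entry
servery.example.com, Jan 5, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): A0:B1:C2:D3:E4:F5:06:17:28:39:4A:5B:6C:7D:8E:9F:A0:B1:C2:D3
EOF
compare_listings "$SAMPLE/x.txt" "$SAMPLE/y.txt" && echo "stores match" || echo "stores differ: do not continue"
```

Run it once on the nnm.keystore listings and once on the nnm.truststore listings; a non-zero status corresponds to the "do not continue" condition in steps 5 and 6.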