8.5.2 Configuring an HA cluster to use a new certificate
Suppose you create a new self-signed or CA certificate, referred to as newcert. Complete the following steps to configure HA to use this new CA or self-signed certificate.
You can complete this procedure before or after configuring NNMi for HA, as described in 17.4 Configuring HA.
-
Change to the following directory on NNMi_HA1 before completing step 2:
-
Windows: %NNM_DATA%\shared\nnm\certificates
-
UNIX: $NNM_DATA/shared/nnm/certificates
-
-
On NNMi_HA1, execute the following command to import newcert into the nnm.keystore file:
- Windows:
-
%NnmInstallDir%\nonOV\jdk\nnm\bin\keytool.exe -import \
-alias newcert_Alias -keystore nnm.keystore -file newcert
- UNIX:
-
$NnmInstallDir/nonOV/jdk/nnm/bin/keytool -import \
-alias newcert_Alias -keystore nnm.keystore -file newcert
- Legend:
-
A backslash (\) at the end of a line specifies that the line continues.
-
Edit the following file on both the active cluster node (NNMi_HA1) and the standby node (NNMi_HA2):
-
Windows: %NNM_DATA%\conf\nnm\props\nms-local.properties
-
UNIX: $NNM_DATA/conf/nnm/props/nms-local.properties
-
-
Change the com.hp.ov.nms.ssl.KEY_ALIAS variable in the nms-local.properties file on both NNMi_HA1 and NNMi_HA2 as follows:
com.hp.ov.nms.ssl.KEY_ALIAS = newcert_Alias
-
Save your changes.