8.7 Configuring the global network management feature to use a Certificate Authority
During NNMi installation, the installation script creates a self-signed certificate for the NNMi management server. This certificate contains an alias that includes the fully-qualified domain name of the node. The installation script adds this self-signed certificate to the NNMi management server's nnm.keystore and nnm.truststore files.
Suppose you want your global network management configuration to model the following figure.
|
|
![[Figure]](GRAPHICS/ZU507030.GIF)
-
Follow the instructions shown in 8.2 Generating a Certificate Authority certificate for regional1 and regional2.
-
Change to the following directory on regional1 and regional2 before completing step 3:
-
Windows: %NNM_DATA%\shared\nnm\certificates
-
UNIX: $NNM_DATA/shared/nnm/certificates
-
-
Copy the nnm.truststore files from the above locations on regional1 and regional2 to some temporary location on global1.
-
Execute the following commands on global1 to merge the regional1 and regional2 certificates into global1's nnm.truststore file:
nnmcertmerge.ovpl -truststore regional1-nnm.truststore-location
nnmcertmerge.ovpl -truststore regional2-nnm.truststore-location
-
Execute the following command sequence on global1:
ovstop ovstart