10.3.1 Generating a Self-Signed Certificate
- Caution
-
NNMi 11-50 introduces a Public Key Cryptography Standards (PKCS) #12 repository to store certificates. The new PKCS #12 file-based certificate management technique is available for use as soon as you install a new instance of NNMi 11-50 on a system. Environments upgraded from an older version of NNMi continue to use a JKS repository to store certificates.
In upgraded environments, you can migrate to the PKCS #12 repository by using the steps in 10.2 Configuring an Upgraded NNMi Environment to Use the New Keystore.
To generate a self-signed certificate, follow these steps:
-
Change to the directory on the NNMi management server that contains the nnm-key.p12 and nnm-trust.p12 files:
-
Windows: %NnmDataDir%shared\nnm\certificates
-
Linux: $NnmDataDir/shared/nnm/certificates
-
-
Save a backup copy of the nnm-key.p12 file.
-
Delete the existing nnm-key.p12 file.
-
Generate a private key from your system.
Use the nnmkeytool.ovpl command to generate this private key:
-
Run the following command exactly as shown:
-
Windows:
%NnmInstallDir%bin\nnmkeytool.ovpl -genkeypair -validity 3650 -keyalg rsa -keystore nnm-key.p12 -storetype PKCS12 -storepass nnmkeypass -alias <alias_name>
-
Linux:
$NnmInstallDir/bin/nnmkeytool.ovpl -genkeypair -validity 3650 -keyalg rsa -keystore nnm-key.p12 -storetype PKCS12 -storepass nnmkeypass -alias <alias_name>
- Note
-
The alias, referred to as <alias_name> in this example, identifies this newly-created key. Although the alias can be any string, we recommends you use the fully-qualified domain name (FQDN) followed by a suffix to help you easily identify the right version. For example, you can use alias name as myserver.mydomain-<number> or myserver.mydomain-<date>.
-
-
Enter the requested information.
- Note
-
When prompted for your first and last name, enter the FQDN of your system.
A self-signed certificate is generated.
For obtaining CA-signed certificates, you need to additionally generate and submit a CSR file to a CA. For more information, see 10.3.2 Generating a CA-Signed Certificate.
-