Hitachi

JP1 Version 12 JP1/Integrated Management 2 - Manager Configuration Guide


9.4.3 Stopping using the communication encryption function

This subsection explains how to make changes on the manager host and the viewer host when the user stops using the communication encryption function. If you stop using the function temporarily, there is no need to perform steps 4, 7, and 11. If there are multiple manager hosts, perform this procedure on each of the manager hosts.

Figure 9‒11: Procedure for stopping using the communication encryption function

[Figure]

The following provides a detailed explanation (the numbers below correspond to the numbers in the figure).

  1. Stop JP1/IM - Manager.

  2. Stop JP1/Base.

  3. Disable the communication encryption function in JP1/Base.#1

  4. Delete the private key and certificates in JP1/Base.

  5. Start JP1/Base.

  6. Start JP1/IM - Manager.

  7. In JP1/IM - View, delete the root certificate for verifying the server certificate of JP1/IM - Manager on which the communication encryption function will no longer be used.#2

    When you delete a root certificate in JP1/IM - View, you have to know the manager to which the host the root certificate being deleted corresponds. For details, see 13.11.3(1) Encryption between a manager host and a viewer host in the JP1/Integrated Management 2 - Manager Overview and System Design Guide.

    • Root certificate storage location

      View-path\conf\ssl\rootcer

  8. If you will be using non-encrypted communication with the manager host that will stop using the function, specify the host name of that manager host in the definition file in JP1/IM - View.

    For details, see Non-encryption communication host configuration file (nosslhost.conf) in Chapter 2. Definition Files in the manual JP1/Integrated Management 2 - Manager Command, Definition File and API Reference.

  9. Log in to JP1/IM - Manager again from JP1/IM - View.

  10. Stop JP1/IM - Manager and JP1/Base on the remote host in the following cases:

    • The handling status is to be changed from the remote manager host by executing the jcochstat command with the -h option specified.

    • The IM Configuration Management function is being used on the higher manager.

  11. Delete the root certificate on the remote manager host in the following cases:#2

    • The handling status is to be changed from the remote manager host by executing the jcochstat command with the -h option specified.

    • The IM Configuration Management function is being used on the higher manager.

    Delete the root certificate used for verifying the server certificate of JP1/IM - Manager that will stop using the communication encryption function. If the root certificate is combined with other certificates, delete only the corresponding root certificate.

  12. If you have deleted all root certificates that have been placed in the following cases, delete the communication encryption function settings (edit the common definition information):#1

    • The handling status is to be changed from the remote manager host by executing the jcochstat command with the -h option specified.

    • The IM Configuration Management function is being used on the higher manager.

  13. Start JP1/IM - Manager and JP1/Base on the remote manager host in the following cases:

    • The handling status is to be changed from the remote manager host by executing the jcochstat command with the -h option specified.

    • The IM Configuration Management function is being used on the higher manager.

#1: For details, see the JP1/Base User's Guide.

#2: To edit a certificate, use a text editor to open the certificate and edit its contents.

After you have configured the communication encryption function, check that the function has been configured correctly. For details about the checking procedure, see 9.4.5 Checking whether the communication encryption function has been configured correctly.