Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide


10.3.1 Generating a Self-Signed Certificate

Caution

NNMi 11-50 and later versions introduce a Public Key Cryptography Standards (PKCS) #12 repository to store certificates. The new PKCS #12 file-based certificate management technique is available as soon as you install a new instance of NNMi 11-50 or a later version on a system. Environments upgraded from an older version of NNMi continue to use a JKS repository to store certificates.

In upgraded environments, you can migrate to the PKCS #12 repository by using the steps in 10.2 Configuring an Upgraded NNMi Environment to Use the New Keystore.

To generate a self-signed certificate, follow these steps:

  1. Change to the directory on the NNMi management server that contains the nnm-key.p12 and nnm-trust.p12 files:

    • Windows: %NnmDataDir%shared\nnm\certificates

    • Linux: $NnmDataDir/shared/nnm/certificates

  2. Save a backup copy of the nnm-key.p12 file.

  3. Delete the existing nnm-key.p12 file.

  4. Generate a private key from your system.

    Use the nnmkeytool.ovpl command to generate this private key:

    1. Run the following command exactly as shown:

      • Windows:
        %NnmInstallDir%bin\nnmkeytool.ovpl -genkeypair -validity 36500 -keyalg rsa -keystore nnm-key.p12 -storetype PKCS12 -storepass nnmkeypass -alias <alias_name>
      • Linux:
        $NnmInstallDir/bin/nnmkeytool.ovpl -genkeypair -validity 36500 -keyalg rsa -keystore nnm-key.p12 -storetype PKCS12 -storepass nnmkeypass -alias <alias_name>
      Note

      The alias, referred to as <alias_name> in this example, identifies this newly created key. Although the alias can be any string, we recommend that you use the fully qualified domain name (FQDN) followed by a suffix to help you easily identify the right version. For example, you can use an alias name such as myserver.mydomain-<number> or myserver.mydomain-<date>.

    2. Enter the requested information.

      Note

      When prompted for your first and last name, enter the FQDN of your system.

    A self-signed certificate is generated.

    To obtain a CA-signed certificate, you must additionally generate a CSR file and submit it to a CA. For more information, see 10.3.2 Generating a CA-Signed Certificate.
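
The Linux procedure above as a script, added here as an example and not taken from the Hitachi guide: it confirms the backup is byte-identical before nnm-key.p12 is deleted and restores it if key generation fails. The function names, the backup file naming, and the YYYYMMDD alias suffix are assumptions; the nnmkeytool.ovpl options and paths are the ones shown in steps 1 and 4.

```shell
#!/bin/sh
# Added example: steps 1-4 for Linux with a verified backup and rollback.
# Function names and the backup naming scheme are assumptions.
set -eu

# Recommended alias form: FQDN plus a date suffix (myserver.mydomain-<date>).
make_alias() {  # $1 = FQDN, $2 = date string (assumed format YYYYMMDD)
    printf '%s-%s\n' "$1" "$2"
}

# Step 2: copy nnm-key.p12 to a timestamped backup and confirm the copy is
# byte-identical before anything is deleted. Prints the backup path.
backup_keystore() {  # $1 = certificates directory, $2 = timestamp
    bk_src="$1/nnm-key.p12"
    bk_dst="$1/nnm-key.p12.bak.$2"
    [ -f "$bk_src" ] || { echo "no keystore at $bk_src" >&2; return 1; }
    [ ! -e "$bk_dst" ] || { echo "backup $bk_dst already exists" >&2; return 1; }
    cp -p "$bk_src" "$bk_dst"
    cmp -s "$bk_src" "$bk_dst" || { echo "backup differs from original" >&2; return 1; }
    printf '%s\n' "$bk_dst"
}

# Steps 1-4. If key generation fails, the backup is copied back so the
# management server is not left without a keystore.
regenerate() {  # $1 = FQDN of the NNMi management server
    rg_dir="$NnmDataDir/shared/nnm/certificates"
    rg_alias=$(make_alias "$1" "$(date +%Y%m%d)")
    cd "$rg_dir"                                                  # step 1
    rg_backup=$(backup_keystore "$rg_dir" "$(date +%Y%m%d%H%M%S)") # step 2
    rm -f nnm-key.p12                                             # step 3
    if ! "$NnmInstallDir/bin/nnmkeytool.ovpl" -genkeypair -validity 36500 \
            -keyalg rsa -keystore nnm-key.p12 -storetype PKCS12 \
            -storepass nnmkeypass -alias "$rg_alias"; then        # step 4
        cp -p "$rg_backup" nnm-key.p12
        echo "key generation failed; restored $rg_backup" >&2
        return 1
    fi
    echo "generated key pair with alias $rg_alias; backup kept at $rg_backup"
}

# Runs only when an FQDN is passed, e.g.: ./regen-nnm-key.sh myserver.mydomain
if [ "$#" -ge 1 ]; then regenerate "$1"; fi
```

The nnmkeytool.ovpl prompts from step 4.2 still appear interactively; enter the FQDN when asked for your first and last name.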