Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide


10.3.5 Working with Certificates in Application Failover Environments

Figure 10‒1: Using certificates with application failover

[Figure]

Caution

NNMi 11-50 and later versions introduce a Public Key Cryptography Standards (PKCS) #12 repository to store certificates. The new PKCS #12 file-based certificate management technique is available for use as soon as you install a new instance of NNMi 11-50 or a later version on a system. Environments upgraded from an older version of NNMi continue to use a JKS repository to store certificates.

In upgraded environments, you can migrate to the PKCS #12 repository by using the steps in 10.2 Configuring an Upgraded NNMi Environment to Use the New Keystore.

When configuring the application failover feature, you must merge the content of the truststore file for both nodes into one nnm-trust.p12 file.

Complete the following steps to configure the application failover feature to use self-signed or CA-signed certificates.

Caution

If you are using self-signed certificates with NNMi along with the application failover feature, and do not complete the following steps, NNMi processes will not start correctly on the standby NNMi management server (Server Y in this example).

  1. Change to the following directory on Server Y:

    • Windows: %NnmDataDir%shared\nnm\certificates

    • Linux: $NnmDataDir/shared/nnm/certificates

  2. Copy the nnm-trust.p12 file from Server Y to some temporary location on Server X.

    The remaining steps refer to this file location as <truststore>.

  3. Run the following command on Server X to merge Server Y's truststore into Server X's nnm-trust.p12 file:

    nnmcertmerge.ovpl -truststore <truststore>

  4. Copy the merged nnm-trust.p12 file from Server X to Server Y, so that both nodes have the merged files.

    The location of this file is as follows:

    • Windows: %NnmDataDir%shared\nnm\certificates

    • Linux: $NnmDataDir/shared/nnm/certificates

  5. Run the following command on both Server X and Server Y.

    Verify that the displayed results from both servers, including the fully qualified domain names, match. If they do not match, do not continue; instead, repeat the procedure beginning with step 1.

    Windows:

    %NnmInstallDir%bin\nnmkeytool.ovpl -list -keystore %NnmDataDir%shared\nnm\certificates\nnm-trust.p12 -storetype PKCS12 -storepass ovpass

    Linux:

    $NnmInstallDir/bin/nnmkeytool.ovpl -list -keystore $NnmDataDir/shared/nnm/certificates/nnm-trust.p12 -storetype PKCS12 -storepass ovpass

  6. Continue configuring the application failover feature at 18. Configuring NNMi for Application Failover.
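
The comparison in step 5 can be scripted rather than done by eye. The following is an added example, not part of the Hitachi manual or of NNMi: it parses the saved nnmkeytool.ovpl -list output from each server and reports whether the alias and fingerprint pairs match. It assumes the listing follows Java keytool's -list layout; the function names, file names, host names and fingerprints are constructed for illustration.

```shell
# Added example (not from the manual). Assumed keytool -list layout:
#   "alias, date, trustedCertEntry," then "Certificate fingerprint (ALG): HEX"

# Reduce a saved listing to sorted "alias fingerprint" lines.
normalize_listing() {
    awk -F', ' '
        { sub(/\r$/, "") }                     # tolerate CRLF from Windows
        /Entry,[ \t]*$/ { alias = $1; next }   # entry line: keep the alias
        /^Certificate fingerprint/ {
            sub(/^[^:]*:[ \t]*/, "")           # strip the label, keep the hex
            print alias, $0
        }' "$1" | sort
}

# Return 0 on identical entries, 1 on mismatch, 2 if nothing could be parsed.
compare_listings() {
    x=$(normalize_listing "$1"); y=$(normalize_listing "$2")
    if [ -z "$x" ] || [ -z "$y" ]; then
        echo "ERROR: no certificate entries parsed" >&2; return 2
    fi
    if [ "$x" = "$y" ]; then
        echo "MATCH: both truststores list the same entries"; return 0
    fi
    echo "MISMATCH: do not continue, redo from step 1" >&2
    printf '%s\n' "$x" | { grep -Fxv -e "$y" || true; } | sed 's/^/  only on X: /' >&2
    printf '%s\n' "$y" | { grep -Fxv -e "$x" || true; } | sed 's/^/  only on Y: /' >&2
    return 1
}

# Constructed sample listings; host names and fingerprints are placeholders.
write_samples() {
    cat > "$1/serverX.txt" <<'EOF'
Your keystore contains 2 entries

serverx.example.com.selfsigned, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33
servery.example.com.selfsigned, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:BB:CC:DD
EOF
    # Server Y after step 4: same entries in a different order.
    { sed -n '5,6p' "$1/serverX.txt"; sed -n '3,4p' "$1/serverX.txt"; } > "$1/serverY.txt"
    # Server Y before the merge: only its own certificate.
    sed -n '5,6p' "$1/serverX.txt" > "$1/serverY_unmerged.txt"
}

dir=$(mktemp -d); write_samples "$dir"
compare_listings "$dir/serverX.txt" "$dir/serverY.txt"
compare_listings "$dir/serverX.txt" "$dir/serverY_unmerged.txt" || true
rm -rf "$dir"
```

To use it on real output, redirect the step 5 listing from each server to a file and pass both files to compare_listings.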