Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide


10.3.7 Working with Certificates in Global Network Management Environments

Caution

NNMi 11-50 and later versions introduce a Public Key Cryptography Standards (PKCS) #12 repository to store certificates. The new PKCS #12 file-based certificate management technique is available as soon as you install a new instance of NNMi 11-50 or a later version on a system. Environments upgraded from an older version of NNMi continue to use a JKS repository to store certificates.

In upgraded environments, you can migrate to the PKCS #12 repository by using the steps in 10.2 Configuring an Upgraded NNMi Environment to Use the New Keystore.

During NNMi installation, the installation script creates a self-signed certificate for the NNMi management server. This certificate contains an alias that includes the fully-qualified domain name of the node. The installation script adds this self-signed certificate to the NNMi management server's nnm-key.p12 and nnm-trust.p12 files.

Complete the following steps to configure the global network management feature to use self-signed or CA-signed certificates, based on the following diagram.

Before you begin, make sure that the required certificates are created on the regional manager systems. For details, see 10.3.4 Replacing an Existing Certificate with a new Self-Signed or CA-Signed Certificate.

Note

If your environment mixes newly installed instances of NNMi 11-50 or later with NNMi management servers upgraded to 11-50 or later from an older version, follow the guidelines in NNMi management servers upgraded to the version 11-50.

Figure 10‒3: Global network management

[Figure]

  1. Change to the following directory on regional1 and regional2:

    • Windows: %NnmDataDir%shared\nnm\certificates

    • Linux: $NnmDataDir/shared/nnm/certificates

  2. Copy the nnm-trust.p12 files from the above locations on regional1 and regional2 to a temporary location on global1.

  3. Run the following commands on global1 to merge the regional1 and regional2 certificates into global1's nnm-trust.p12 file:

    nnmcertmerge.ovpl -truststore <regional1_nnm-trust.p12_location>
    nnmcertmerge.ovpl -truststore <regional2_nnm-trust.p12_location>

  4. Run the following commands to restart NNMi on global1:

    ovstop
    ovstart

Important

When making file changes under High Availability (HA), you need to make the changes on both nodes in the cluster. For NNMi using HA configurations, if the change requires you to stop and restart the NNMi management server, you must put the nodes in maintenance mode before running the ovstop and ovstart commands. See 19.6.1 Placing NNMi in maintenance mode for more information.
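
Before running step 3, it is worth confirming that each copied nnm-trust.p12 holds only the certificates you expect, because the merge adds its certificates to global1's trust store. The following is an added example, not part of the Hitachi manual: it assumes openssl is available on global1, and the function names, the P12_PASS variable and the expected-fingerprint file are hypothetical.

```shell
#!/bin/sh
# Added example (not from the manual). Assumes openssl is installed and that
# P12_PASS (hypothetical variable name) holds the trust store password.

# p12_fingerprints <truststore.p12>
# Prints one sorted "SHA256:<hex>" line per certificate in the trust store.
p12_fingerprints() {
    store=$1
    tmp=$(mktemp -d) || return 1
    # Export certificates only (no private keys) as concatenated PEM.
    if ! openssl pkcs12 -in "$store" -nokeys -passin env:P12_PASS \
            > "$tmp/all.pem" 2>/dev/null; then
        rm -rf "$tmp"
        return 1
    fi
    # Split the PEM stream into one file per certificate.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = 1 }
        f { print > (d "/cert" n ".pem") }
        /-----END CERTIFICATE-----/ { f = 0 }' "$tmp/all.pem"
    for c in "$tmp"/cert*.pem; do
        [ -f "$c" ] || continue
        openssl x509 -in "$c" -noout -fingerprint -sha256 |
            sed 's/^.*=/SHA256:/'
    done | sort
    rm -rf "$tmp"
}

# unexpected_certs <truststore.p12> <expected_fingerprints_file>
# Prints fingerprints found in the trust store but missing from the expected
# list (one "SHA256:<hex>" per line, recorded on the regional manager).
# Returns 0 if there are none, 1 if any are unexpected, 2 on read errors.
unexpected_certs() {
    [ -r "$2" ] || return 2
    found=$(p12_fingerprints "$1") || return 2
    extra=$(printf '%s\n' "$found" | grep -v -x -F -f "$2") || true
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}
```

Record the expected fingerprints on each regional manager itself and transfer them separately from the trust store file, so that a tampered copy cannot supply its own reference list.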