Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide


10.4.2 Generating a Self-Signed Certificate

To generate a self-signed certificate, follow these steps:

  1. Change to the directory on the NNMi management server that contains the nnm.keystore and nnm.truststore files:

    • Windows: %NnmDataDir%shared\nnm\certificates

    • Linux: $NnmDataDir/shared/nnm/certificates

  2. Save a backup copy of the nnm.keystore file.

    Important
    • If you are replacing an existing NNMi certificate, do not remove the existing certificate until you complete these steps. NNMi must start up at least once with both the old and new certificate installed so that it can transfer encrypted information to the new certificate.

    • Make sure the alias points to the new certificate as described in the next step to ensure NNMi presents the new certificate on the NNMi management server to the client servers.

  3. Generate a private key from your system. Use the keytool command to generate this private key:

    1. Run the following command exactly as shown:

      • Windows:
        %jdkdir%\bin\keytool.exe -genkeypair -validity 36500 -keyalg rsa -keystore nnm.keystore -storepass nnmkeypass -alias <alias_name>
      • Linux:
        $jdkdir/bin/keytool -genkeypair -validity 36500 -keyalg rsa -keystore nnm.keystore -storepass nnmkeypass -alias <alias_name>
      Note

      The alias, referred to as <alias_name> in this example, identifies this newly-created key. Although the alias can be any string, we recommends you use the fully-qualified domain name (FQDN) followed by a suffix to help you easily identify the right version.

    2. Enter the requested information.

      Note

      When prompted for your first and last name, enter the FQDN of your system.

    A self-signed certificate is generated.

    For obtaining CA-signed certificates, you need to additionally generate and submit a CSR file to a CA. For more information, see 10.4.3 Generating a CA-Signed Certificate.