Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide


10.4.4 Configuring application failover to use self-signed certificates

Figure 10‒4: Using self-signed certificates with application failover

[Figure]

When configuring the application failover feature, you must merge the contents of both nodes' nnm.keystore files and nnm.truststore files into a single nnm.keystore file and a single nnm.truststore file, respectively. Complete the following steps to configure the application failover feature to use self-signed certificates based on the above diagram.

Caution

If you are using self-signed certificates with NNMi together with the application failover feature and you do not perform the following steps, NNMi processes will not start correctly on the standby NNMi management server (Server Y in this example).

  1. Change to the following directory on Server Y:

    • Windows: %NNM_DATA%\shared\nnm\certificates

    • Linux: $NNM_DATA/shared/nnm/certificates

  2. Copy the nnm.keystore and nnm.truststore files from Server Y to some temporary location on Server X.

    The remaining steps refer to these file locations as <keystore> and <truststore>.

  3. Execute the following command on Server X to merge Server Y's certificates into Server X's nnm.keystore and nnm.truststore files:

    nnmcertmerge.ovpl -keystore <keystore> -truststore <truststore>

  4. Copy the merged nnm.keystore and nnm.truststore files from Server X to Server Y, so that both nodes have the merged files.

    The location of these files is as follows:

    • Windows: %NNM_DATA%\shared\nnm\certificates

    • Linux: $NNM_DATA/shared/nnm/certificates

  5. Execute the command shown below on both Server X and Server Y.

    Verify that the displayed results from both servers, including the fully qualified domain names, match. If they do not match, do not continue; instead, repeat the procedure beginning with step 1.

    Windows:

    %jdkdir%\bin\keytool.exe -list -keystore %NnmDataDir%shared\nnm\certificates\nnm.keystore -storepass nnmkeypass

    Linux:

    $jdkdir/bin/keytool -list -keystore $NnmDataDir/shared/nnm/certificates/nnm.keystore -storepass nnmkeypass

  6. Execute the command shown below on both Server X and Server Y.

    Verify that the displayed results from both servers, including the fully qualified domain names, match. If they do not match, do not continue; instead, repeat the procedure beginning with step 1.

    Windows:

    %jdkdir%\bin\keytool.exe -list -keystore %NnmDataDir%shared\nnm\certificates\nnm.truststore -storepass ovpass

    Linux:

    $jdkdir/bin/keytool -list -keystore $NnmDataDir/shared/nnm/certificates/nnm.truststore -storepass ovpass

  7. Continue configuring the application failover feature from 18. Configuring NNMi for Application Failover.

    Note

    Although you manually completed step 4, after you start the application failover feature, NNMi automatically replicates the merged keystore and truststore information from Server X to Server Y.
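
The comparison required in steps 5 and 6 can be scripted once the keytool output from each server has been saved to a file. The following is an added example, not part of the Hitachi guide; the function names, file names, aliases and fingerprints are constructed for illustration, and the sample follows the layout printed by keytool -list.

```shell
#!/bin/sh
# Added example: compare saved `keytool -list` output from Server X and Server Y
# (steps 5 and 6). Aliases, fingerprints and file names below are constructed.

# Reduce a listing to sorted "alias|entry type|fingerprint" lines, so entry order,
# locale-specific dates and CRLF line endings cannot cause a false mismatch.
normalize_listing() {
    tr -d '\r' < "$1" | awk '
        /^Certificate fingerprint/ {          # follows each alias line
            fp = $0; sub(/^[^:]*: */, "", fp)
            if (alias != "") print alias "|" type "|" fp
            alias = ""; next
        }
        /, / {                                # "alias, date, entry type,"
            n = split($0, f, /, */)
            while (n > 1 && f[n] ~ /^[ \t]*$/) n--
            alias = f[1]; type = f[n]
        }' | sort
}

# Return 0 if both listings match, 1 on mismatch, 2 if nothing could be parsed.
compare_listings() {
    x=$(normalize_listing "$1"); y=$(normalize_listing "$2")
    if [ -z "$x" ] || [ -z "$y" ]; then echo "ERROR: no entries parsed"; return 2; fi
    if [ "$x" = "$y" ]; then echo "MATCH"; return 0; fi
    echo "MISMATCH: do not continue; redo from step 1"
    printf '%s\n' "$x" | grep -Fxv -e "$y" | sed 's/^/  only on Server X: /'
    printf '%s\n' "$y" | grep -Fxv -e "$x" | sed 's/^/  only on Server Y: /'
    return 1
}

# Constructed sample listing; $1 is the fingerprint used for the Server Y entry.
sample_listing() {
    cat <<EOF
Keystore type: JKS

Your keystore contains 2 entries

serverx.example.com.selfsigned, Jan 10, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 11:22:33:44
servery.example.com.selfsigned, Jan 10, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): $1
EOF
}

dir=$(mktemp -d)
sample_listing "AA:BB:CC:DD" > "$dir/serverX.txt"
sample_listing "AA:BB:CC:DD" > "$dir/serverY.txt"
compare_listings "$dir/serverX.txt" "$dir/serverY.txt"; rm -rf "$dir"
```

To use it with real data, redirect the output of the step 5 or step 6 command to a file on each server and pass the two files to compare_listings.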