Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide


10.4.7 Configuring an SSL connection to the directory service

By default, when directory service communications are enabled, NNMi uses the LDAP protocol for retrieving data from a directory service. If your directory service requires an SSL connection, you must enable the SSL protocol to encrypt the data that flows between NNMi and the directory service. To enable the SSL protocol, see 12.2.3 Task 3: Configure user access from the directory service.

SSL requires a trust relationship between the directory service host and the NNMi management server. To create this trust relationship, add a certificate to the NNMi truststore. The certificate confirms the identity of the directory service host to the NNMi management server.

To install a truststore certificate for SSL communications, follow these steps:

  1. Obtain your company's truststore certificate from the directory server.

    The directory service administrator can give you a copy of this text file.

  2. Change to the directory that contains the NNMi truststore:

    • Windows: %NNM_DATA%\shared\nnm\certificates

    • Linux: $NNM_DATA/shared/nnm/certificates

    Execute all commands in this procedure from the certificates directory.

  3. Import your company's truststore certificate into the NNMi truststore.

    1. Execute the following command:

      Windows:

      %jdkdir%\bin\keytool.exe -import -alias nnmi_ldap -keystore nnm.truststore -file <Directory_Server_Certificate.txt>

      Linux:

      $jdkdir/bin/keytool -import -alias nnmi_ldap -keystore nnm.truststore -file <Directory_Server_Certificate.txt>

      <Directory_Server_Certificate.txt> is your company's truststore certificate.

    2. When prompted for the truststore password, enter ovpass.

    3. When prompted to trust the certificate, enter y.

      Example output for importing a certificate into the truststore

      The output format of this command is as follows:

      Owner: CN=NNMi_server.example.com
      Issuer: CN=NNMi_server.example.com
      Serial number: 494440748e5
      Valid from: Tue Oct 28 10:16:21 MST 2008 until: Thu Oct 04 11:16:21 MDT 2108
      Certificate fingerprints:
      MD5: 29:02:D7:D7:D7:D7:29:02:29:02:29:02:29:02:29:02
      SHA1: C4:03:7E:C4:03:7E:C4:03:7E:C4:03:7E:C4:03:7E:C4:03
      Trust this certificate? [no]: y
      Certificate was added to keystore
      
  4. Check the contents of the truststore:

    Windows:

    %jdkdir%\bin\keytool.exe -list -keystore nnm.truststore

    Linux:

    $jdkdir/bin/keytool -list -keystore nnm.truststore

    When prompted for the truststore password, enter ovpass.

    Example truststore output

    The truststore output format is as follows:

    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 1 entry
    nnmi_ldap, Nov 14, 2008, trustedCertEntry,
    Certificate fingerprint (MD5):29:02:D7:D7:D7:D7:29:02:29:02:29:02:29:02:29:02
    
    Tip

    The truststore can include multiple certificates.

  5. Execute the following commands to restart NNMi:

    ovstop
    ovstart

For more information about the keytool command, search for "Key and Certificate Management Tool" on the Oracle website.
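A check to run before answering y at the trust prompt in step 3, as an added example that is not part of the NNMi guide: it compares the fingerprint that keytool reports for the certificate file with the value the directory service administrator supplies through a separate channel. The function names, the EXPECTED_FP variable, the sample output and the use of the SHA256 line of keytool -printcert output are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the NNMi guide: verify a certificate fingerprint
# before importing the certificate into nnm.truststore.

# Strip colons and whitespace and upper-case, so differently formatted
# fingerprints compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Read `keytool -printcert` output on stdin and print the fingerprint that
# follows the algorithm label in $1 (for example SHA256). Prints nothing if absent.
extract_fp() {
    awk -v label="$1:" '
        { for (i = 1; i < NF; i++) if ($i == label) { print $(i + 1); exit } }
    '
}

# $1 = algorithm label, $2 = expected fingerprint from the administrator.
# Returns 0 on match, 1 on mismatch, 2 if the input has no such fingerprint.
check_cert_fp() {
    actual=$(extract_fp "$1")
    [ -n "$actual" ] || { echo "no $1 fingerprint in input" >&2; return 2; }
    if [ "$(normalize_fp "$actual")" = "$(normalize_fp "$2")" ]; then
        echo "fingerprint matches"
    else
        echo "fingerprint MISMATCH: do not import this certificate" >&2
        return 1
    fi
}

# Constructed sample of `keytool -printcert` output (not a real certificate).
SAMPLE_PRINTCERT='Owner: CN=ldap.example.com
Issuer: CN=Example Corp CA
Signature algorithm name: SHA256withRSA
Certificate fingerprints:
         SHA1: C4:03:7E:C4:03:7E:C4:03:7E:C4:03:7E:C4:03:7E:C4:03
         SHA256: 0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9:0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9'

# Usage on the NNMi management server (EXPECTED_FP is a hypothetical variable
# holding the fingerprint received from the directory service administrator):
#   "$jdkdir/bin/keytool" -printcert -file <Directory_Server_Certificate.txt> \
#       | check_cert_fp SHA256 "$EXPECTED_FP"
```

Proceed with the keytool -import command only when the function reports a match.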