10.4.5 Working with Certificates in High-Availability Environments
This section explains how to configure a high availability cluster that uses self-signed or Certificate Authority certificates based on the above diagram.
- Organization of this subsection
(1) Configuring High-Availability Using Default Certificates
The process for configuring NNMi for HA correctly shares the self-signed certificate among the primary and secondary cluster nodes. You do not need to take any extra steps to use the default certificate with NNMi running under HA.
(2) Configuring an HA cluster to use a new certificate
Suppose you create a new self-signed or CA certificate, referred to as newcert. Complete the following steps to configure HA to use this new CA or self-signed certificate.
You can complete this procedure before or after configuring NNMi for HA, as described in 19.4 Configuring HA.
- Important
-
When making file changes under High Availability (HA), you must make the changes on both nodes in the cluster. If the change requires you to stop and restart the NNMi management server, you must put the nodes in maintenance mode before running the ovstop and ovstart commands. See 19.6.1 Placing NNMi in maintenance mode for more information.
Change to the following directory on NNMi_HA1 before completing step 2:
Windows: %NNM_DATA%\shared\nnm\certificates
Linux: $NNM_DATA/shared/nnm/certificates
On NNMi_HA1, execute the following command to import newcert into the nnm.keystore file:
Windows:
%jdkdir%\bin\keytool.exe -import -alias <newcert_Alias> -keystore nnm.keystore -file newcert
Linux:
$jdkdir/bin/keytool -import -alias <newcert_Alias> -keystore nnm.keystore -file newcert
Edit the following file on both the active cluster node (NNMi_HA1) and the standby node (NNMi_HA2):
Windows: %NNM_DATA%\conf\nnm\props\nms-local.properties
Linux: $NNM_DATA/conf/nnm/props/nms-local.properties
Change the following line in the nms-local.properties file on both NNMi_HA1 and NNMi_HA2:
com.hp.ov.nms.ssl.KEY_ALIAS = <newcert_Alias>
Save your changes.