10.3 Using Certificates with the PKCS #12 Repository
Prior to the version 11-50, NNMi used to provide a Java KeyStore (JKS) repository to store certificates. NNMi 11-50 or later version introduce a Public Key Cryptography Standards (PKCS) #12 repository to store certificates. The new PKCS #12 file-based certificate management technique is available for use as soon as you install a new instance of NNMi 11-50 or later version on a system.
However, when you upgrade an older version of NNMi to 11-50 or later version, the PKCS #12 file-based certificate management does not immediately come into effect and NNMi continues to use the JKS repository for certificate management.
This section provides you with the procedures to work with certificates in a new installation of NNMi or an environment where the certificate repository is migrated to the PKCS #12 format.
- Note
-
Since NNMi 13-00, the Subject Alternative Name (SAN) is added to the NNMi self-signed certificate for the new installation.
If you upgraded NNMi from NNMi 12-60 or earlier, the self-signed certificates of NNMi doesn't have a SAN. If you are using self-signed certificate of NNMi for SSL communication to NNMi and need to replace it with a self-signed certificate with a SAN, please see the Release Notes.
In addition, some browsers, such as Microsoft Edge and Google Chrome, may use a SAN for certificate authentication. If you use a CA-signed certificate, ask the CA signing authority to issue a certificate with a SAN added as necessary.
- Organization of this section
10.3.4 Replacing an Existing Certificate with a new Self-Signed or CA-Signed Certificate
10.3.5 Working with Certificates in Application Failover Environments
10.3.6 Working with Certificates in High-Availability Environments
10.3.7 Working with Certificates in Global Network Management Environments
10.3.8 Configuring an SSL connection to the Directory service