HP 3PAR StoreServ 7200 2-node HP 3PAR Policy Server Installation and Setup Gui - Page 17

Post-Installation Tasks, Enabling SSL for the Policy Server

Get HP 3PAR StoreServ 7200 2-node PDF manuals and user guides View all HP 3PAR StoreServ 7200 2-node manuals
Add to My Manuals
Save this manual to your list of manuals

Page 17 highlights

5 Post-Installation Tasks To complete the HP 3PAR Policy Server installation, you must take additional steps before the Policy Server can be used by a Service Processor. The following tasks must be completed before you configure a Service Processor to use this Policy Server: • Enable SSL for the Policy Server. • Update the Policy Server policies. Enabling SSL for the Policy Server The Service Processor (SP) communicates with the HP 3PAR Policy Server over SSL. In order to do this, the Policy Server must be configured to have an SSL certificate. The following section describes how to use a self-signed certificate to configure the Policy Server for SSL. You can also use an existing certificate infrastructure (such as VeriSign or Microsoft Certificate Services). For more information about how to do this, see "Configuring the Policy Sever for SSL by Using an Existing Certificate Infrastructure " (page 30). Configuring the Policy Sever for SSL by Using a Self-Signed Certificate A self-signed certificate can be created by using the keytool command that is included with the Java Runtime Environment (JRE). To do this, follow these steps: 1. On the Windows server that is running Policy Server, open a command prompt. 2. Create the directory in which to store the keystore file (this is the same path you entered when you installed the Policy Server): C:\>mkdir c:\hp-3par 3. Change to the directory where the keytool command exists: C:\> cd C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin 4. Execute the keytool -genkey command using the keystore file and password entered during the Policy Server installation: C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -genkey -keyalg RSA -alias tomcat -keyalg RSA -keysize 1048 -keystore c:\hp-3par\keystore-ps Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: 127.0.0.1 What is the name of your organizational unit? [Unknown]: HP What is the name of your organization? [Unknown]: 3par What is the name of your City or Locality? [Unknown]: roseville What is the name of your State or Province? [Unknown]: ca What is the two-letter country code for this unit? [Unknown]: us Is CN=127.0.0.1, OU=HP, O=3par, L=roseville, ST=ca, C=us correct? [no]: yes Enter key password for (RETURN if same as keystore password): Enabling SSL for the Policy Server 17

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
5 Post-Installation Tasks
To complete the HP 3PAR Policy Server installation, you must take additional steps before the Policy
Server can be used by a Service Processor. The following tasks must be completed before you
configure a Service Processor to use this Policy Server:
Enable SSL for the Policy Server.
Update the Policy Server policies.
Enabling SSL for the Policy Server
The Service Processor (SP) communicates with the HP 3PAR Policy Server over SSL. In order to do
this, the Policy Server must be configured to have an SSL certificate.
The following section describes how to use a self-signed certificate to configure the Policy Server
for SSL. You can also use an existing certificate infrastructure (such as VeriSign or Microsoft
Certificate Services). For more information about how to do this, see
“Configuring the Policy Sever
for SSL by Using an Existing Certificate Infrastructure ” (page 30)
.
Configuring the Policy Sever for SSL by Using a Self-Signed Certificate
A self-signed certificate can be created by using the
keytool
command that is included with the
Java Runtime Environment (JRE). To do this, follow these steps:
1.
On the Windows server that is running Policy Server, open a command prompt.
2.
Create the directory in which to store the keystore file (this is the same path you entered when
you installed the Policy Server):
C:\>mkdir c:\hp-3par
3.
Change to the directory where the keytool command exists:
C:\> cd C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin
4.
Execute the
keytool
genkey
command using the keystore file and password entered
during the Policy Server installation:
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -genkey -keyalg RSA
-alias tomcat -keyalg RSA -keysize 1048 -keystore c:\hp-3par\keystore-ps
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
127.0.0.1
What is the name of your organizational unit?
[Unknown]:
HP
What is the name of your organization?
[Unknown]:
3par
What is the name of your City or Locality?
[Unknown]:
roseville
What is the name of your State or Province?
[Unknown]:
ca
What is the two-letter country code for this unit?
[Unknown]:
us
Is CN=127.0.0.1, OU=HP, O=3par, L=roseville, ST=ca, C=us correct?
[no]:
yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
Enabling SSL for the Policy Server
17