HP 3PAR StoreServ 7400 2-node HP 3PAR Policy Server Installation and Setup Gui - Page 30

E Configuring the Policy Sever for SSL by Using an Existing Certificate Infrastructure

Get HP 3PAR StoreServ 7400 2-node PDF manuals and user guides View all HP 3PAR StoreServ 7400 2-node manuals
Add to My Manuals
Save this manual to your list of manuals

Page 30 highlights

E Configuring the Policy Sever for SSL by Using an Existing Certificate Infrastructure For environments that have an existing certificate infrastructure, configuring the Policy Sever for SSL requires the following procedures: • Create a Certificate Signing Request (CSR). • Using the CSR, have a Certificate Authority (CA) create an SSL certificate for the server. • Install the new certificate in the Policy Server keystore. • Install the CA certificate in the Policy Server keystore. NOTE: SSL certificate provisioning will vary across environments. The following example uses OpenSSL as a certificate infrastructure. This example is intended only as a reference. 1. Using OpenSSL, create an internal Certificate Authority. For more information, see http:// www.openssl.org/docs/apps/CA.pl.html. 2. Create a directory for the keystore file to reside in, as shown in the following example: C:\>mkdir c:\hp-3par C:\> 3. Change to the directory where the keystore file resides. 4. Using the keytool.exe command that is installed with the HP 3PAR Policy Server, generate a key for the server, as shown in the following example. NOTE: The keystore file is created when you run the keytool.exe command. C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -genkey -alias tomcat -keyalg RSA -keysize 1048 -keystore c:\hp-3par\keystore-ps Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: 10.112.10.196 What is the name of your organizational unit? [Unknown]: ST What is the name of your organization? [Unknown]: 3PAR What is the name of your City or Locality? [Unknown]: Fremont What is the name of your State or Province? [Unknown]: CA What is the two-letter country code for this unit? [Unknown]: US Is CN=10.112.10.196, OU=ST, O=3PAR, L=Fremont, ST=CA, C=US correct? [no]: yes Enter key password for < tomcat > (RETURN if same as keystore password): Re-enter new password: 5. Create a Certificate Signing Request (CSR) for the Policy Server: C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -certreq -alias tomcat -file c:\hp-3par\tomcat.csr -keystore c:\hp-3par\keystore-ps Enter keystore password: 30 Configuring the Policy Sever for SSL by Using an Existing Certificate Infrastructure

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
E Configuring the Policy Sever for SSL by Using an Existing
Certificate Infrastructure
For environments that have an existing certificate infrastructure, configuring the Policy Sever for
SSL requires the following procedures:
Create a Certificate Signing Request (CSR).
Using the CSR, have a Certificate Authority (CA) create an SSL certificate for the server.
Install the new certificate in the Policy Server keystore.
Install the CA certificate in the Policy Server keystore.
NOTE:
SSL certificate provisioning will vary across environments. The following example uses
OpenSSL as a certificate infrastructure. This example is intended only as a reference.
1.
Using OpenSSL, create an internal Certificate Authority. For more information, see
h
t
tp://
w
w
w
.ope
ns
sl
.o
r
g/doc
s/a
pp
s/CA.pl
.h
tml
.
2.
Create a directory for the keystore file to reside in, as shown in the following example:
C:\>mkdir c:\hp-3par
C:\>
3.
Change to the directory where the keystore file resides.
4.
Using the
keytool.exe
command that is installed with the HP 3PAR Policy Server, generate
a key for the server, as shown in the following example.
NOTE:
The keystore file is created when you run the
keytool.exe
command.
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -genkey -alias tomcat
-keyalg RSA -keysize 1048 -keystore c:\hp-3par\keystore-ps
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: 10.112.10.196
What is the name of your organizational unit?
[Unknown]: ST
What is the name of your organization?
[Unknown]: 3PAR
What is the name of your City or Locality?
[Unknown]: Fremont
What is the name of your State or Province?
[Unknown]: CA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=10.112.10.196, OU=ST, O=3PAR, L=Fremont, ST=CA, C=US correct?
[no]: yes
Enter key password for < tomcat >
(RETURN if same as keystore password):
Re-enter new password:
5.
Create a Certificate Signing Request (CSR) for the Policy Server:
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -certreq -alias tomcat
-file c:\hp-3par\tomcat.csr -keystore c:\hp-3par\keystore-ps
Enter keystore password:
30
Configuring the Policy Sever for SSL by Using an Existing Certificate Infrastructure