HP 3PAR StoreServ 7400 2-node HP 3PAR Policy Server Installation and Setup Gui - Page 30
E Configuring the Policy Sever for SSL by Using an Existing Certificate Infrastructure
View all HP 3PAR StoreServ 7400 2-node manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 30 highlights
E Configuring the Policy Sever for SSL by Using an Existing Certificate Infrastructure For environments that have an existing certificate infrastructure, configuring the Policy Sever for SSL requires the following procedures: • Create a Certificate Signing Request (CSR). • Using the CSR, have a Certificate Authority (CA) create an SSL certificate for the server. • Install the new certificate in the Policy Server keystore. • Install the CA certificate in the Policy Server keystore. NOTE: SSL certificate provisioning will vary across environments. The following example uses OpenSSL as a certificate infrastructure. This example is intended only as a reference. 1. Using OpenSSL, create an internal Certificate Authority. For more information, see http:// www.openssl.org/docs/apps/CA.pl.html. 2. Create a directory for the keystore file to reside in, as shown in the following example: C:\>mkdir c:\hp-3par C:\> 3. Change to the directory where the keystore file resides. 4. Using the keytool.exe command that is installed with the HP 3PAR Policy Server, generate a key for the server, as shown in the following example. NOTE: The keystore file is created when you run the keytool.exe command. C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -genkey -alias tomcat -keyalg RSA -keysize 1048 -keystore c:\hp-3par\keystore-ps Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: 10.112.10.196 What is the name of your organizational unit? [Unknown]: ST What is the name of your organization? [Unknown]: 3PAR What is the name of your City or Locality? [Unknown]: Fremont What is the name of your State or Province? [Unknown]: CA What is the two-letter country code for this unit? [Unknown]: US Is CN=10.112.10.196, OU=ST, O=3PAR, L=Fremont, ST=CA, C=US correct? [no]: yes Enter key password for < tomcat > (RETURN if same as keystore password): Re-enter new password: 5. Create a Certificate Signing Request (CSR) for the Policy Server: C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -certreq -alias tomcat -file c:\hp-3par\tomcat.csr -keystore c:\hp-3par\keystore-ps Enter keystore password: 30 Configuring the Policy Sever for SSL by Using an Existing Certificate Infrastructure