HP 3PAR StoreServ 7400 2-node HP 3PAR Policy Server Installation and Setup Gui - Page 32


7. Install the new certificate and CA certificate in the Policy Server keystore file:

   a. Transfer both the new certificate (tomcat.crt) and the OpenSSL CA certificate (cacert.crt) to the Policy Server server.

   b. Install both certificates in the Policy Server keystore file.

      SSL Certificate:

        C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -import -trustcacerts -alias tomcat -file c:\hp-3par\tomcat.crt -keystore c:\hp-3par\keystore-ps
        Enter keystore password:
        Certificate reply was installed in keystore
        C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>

      CA certificate:

        C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -import -trustcacerts -alias root -file c:\hp-3par\cacert.crt -keystore c:\hp-3par\keystore-ps
        Enter keystore password:
        Owner: [email protected], CN=Cert Admin, OU=3PAR, O=HP, ST=CA, C=US
        Issuer: [email protected], CN=Cert Admin, OU=3PAR, O=HP, ST=CA, C=US
        Serial number: ba5d98b125297b80
        Valid from: Wed Oct 31 08:16:30 PDT 2012 until: Sat Oct 31 08:16:30 PDT 2015
        Certificate fingerprints:
                 MD5:  77:A6:21:D1:36:FE:BF:95:58:D1:67:33:5E:12:14:07
                 SHA1: 53:55:B0:D8:D3:A4:6B:35:B3:79:DF:DF:47:44:09:76:86:BF:65:F1
                 Signature algorithm name: SHA1withRSA
                 Version: 3
        Extensions:
        #1: ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: E3 8F F8 1E 12 F6 FD 76 6D ED 60 82 DF DC 3D F1  .......vm.`...=.
        0010: 67 44 14 D6                                      gD..
        #2: ObjectId: 2.5.29.19 Criticality=false
        BasicConstraints:[
          CA:true
          PathLen:2147483647
        #3: ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: E3 8F F8 1E 12 F6 FD 76 6D ED 60 82 DF DC 3D F1  .......vm.`...=.
        0010: 67 44 14 D6                                      gD..
        [[email protected], CN=Cert Admin, OU=3PAR, O=HP, ST=CA, C=US]
        SerialNumber: [ ba5d98b1 25297b80]
        Trust this certificate? [no]: yes
        Certificate was added to keystore
        C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>

The Policy Server is now enabled to support SSL connections over port 8443. It is still configured for non-SSL connections over port 443. HP recommends that users prevent the Policy Server from accepting connections over port 443.

To disable non-SSL connections to the Policy Server, edit the following Policy Server configuration file:

C:\Program Files (x86)\HP3Par\PolicyServer\Tomcat6\aps\conf\server.xml
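
As an added example (not part of the HP guide), the following PowerShell script lists the Connector elements in a Tomcat server.xml and flags any listener that does not have SSLEnabled="true", which is the condition the step above asks you to remove for port 443. The sample XML is constructed for illustration and is not the Policy Server's shipped file; the function name Get-ConnectorAudit is hypothetical.

```powershell
# Constructed sample of a Tomcat 6 server.xml (assumption: not the shipped Policy Server file).
$sampleXml = @'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="443" protocol="HTTP/1.1" connectionTimeout="20000" />
    <!-- <Connector port="8080" protocol="HTTP/1.1" /> -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="c:\hp-3par\keystore-ps" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
'@

function Get-ConnectorAudit {
    # Hypothetical helper: returns one record per active <Connector> element.
    param([Parameter(Mandatory)][xml]$ServerXml)

    # Commented-out connectors are XML comments, not elements, so they are skipped.
    foreach ($c in $ServerXml.SelectNodes('//Connector')) {
        $ssl      = $c.GetAttribute('SSLEnabled') -eq 'true'
        $protocol = $c.GetAttribute('protocol')
        [pscustomobject]@{
            Port       = [int]$c.GetAttribute('port')
            Protocol   = $protocol
            SSLEnabled = $ssl
            Keystore   = $c.GetAttribute('keystoreFile')
            Finding    = if ($ssl) { 'SSL listener' }
                         elseif ($protocol -like 'AJP*') { 'AJP connector, review separately' }
                         else { 'non-SSL listener, disable or remove' }
        }
    }
}

$findings = Get-ConnectorAudit -ServerXml $sampleXml
$findings | Format-Table -AutoSize

# Non-zero exit code when any non-SSL HTTP listener remains, for use in a scheduled check.
$plain = @($findings | Where-Object { $_.Finding -like 'non-SSL*' })
if ($plain.Count -gt 0) {
    Write-Warning ("Non-SSL connector(s) still active on port(s): " + ($plain.Port -join ', '))
    exit 1
}
```

To audit the real file, pass its contents instead of the sample, for example `Get-ConnectorAudit -ServerXml (Get-Content -Raw 'C:\Program Files (x86)\HP3Par\PolicyServer\Tomcat6\aps\conf\server.xml')`, and run it again after editing and restarting the service.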
32
Configuring the Policy Server for SSL by Using an Existing Certificate Infrastructure