Enabling TLS certificate verification for the On-demand real time monitoring

Ops Center Analyzer Detail View User Guide
Version
11.0.x
Audience
anonymous
Part Number
MK-99ANA007-06
ft:lastEdition
2026-03-16

The TLS certificate verification enables secure communication between the Analyzer detail view server and the RAID Agent server (usually, the host on which the Analyzer probe server is installed) for On-demand real time monitoring.

  • Obtain a valid TLS certificate (for example, server.crt file) from the RAID Agent server and save it in the /tmp directory on the Analyzer detail view server.

    TLS certificate verification is a global setting. If there are multiple RAID Agent servers available in the Analyzer detail view server, make sure you obtain the TLS certificates for all the RAID Agent servers.

  • Identify and note the Java keystore path on the Analyzer detail view server machine.
  1. Log on to the Analyzer detail view server through an SSH client (like putty) as a root user.
  2. Stop the crond service using the command: 
    service crond stop
  3. Stop the megha service using the command: 
    /usr/local/megha/bin/megha-jetty.sh stop
  4. Make a backup of the custom.properties file: 
    cp /usr/local/megha/conf/custom.properties /usr/local/megha/conf/custom_orig.properties
  5. Edit the custom.properties file. 
    vi /usr/local/megha/conf/custom.properties
  6. Add a new entry in the property file: 
    realtimemonitoring.verify.tls.certificate=true
  7. Save the custom.properties file.
  8. Navigate to the Java keystore directory. For example: 
    /usr/lib/jvm/java-17-amazon-corretto/lib/security
  9. If the jssecacerts file does not exist, create it.
  10. Import the TLS certificate into the Analyzer detail view server using the keytool command: 
    keytool -importcert -alias Alias_name -keystore Truststore_file_path -storetype jks -storepass Truststore_file_password -file TLS_certificate_file_path
    Note: You can define any unique alias name for TLS certificate.
    For example:
    keytool -importcert -alias aliasName -keystore jssecacerts -storetype jks -storepass changeit -file /tmp/server.crt
  11. If there are multiple RAID Agent servers, repeat step 10 for each instance.
  12. Make sure that the megha user has the read permission for the jssecacerts file. If not, change the permissions as in this example: 
    chmod o+r jssecacerts
  13. Start the megha service and verify the status: 
    /usr/local/megha/bin/megha-jetty.sh start
/usr/local/megha/bin/megha-jetty.sh status
  14. Start the crond service and verify the status: 
    service crond start
service crond status
    Note: If you upgrade the JDK in the future, make sure that the jssecacerts file is copied in the upgraded JDK directory.

    For example: If you upgrade JDK from v1.8.0 to v17, copy the jssecacerts file from/usr/java/jdk1.8.0_291-amd64/jre/lib/security to /usr/lib/jvm/java-17-amazon-corretto/lib/security.

    After copying the jssecacerts file, make sure that megha user has read permission for the jssecacerts file.