Setting up secure communication with an Ops Center Analyzer server

Ops Center Automator Installation and Configuration Guide
Version
11.0.x
Audience
anonymous
Part Number
MK-99AUT000-24

You can set up SSL communication to be used between the Ops Center Automator server and the Ops Center Analyzer server by using a self-signed certificate or a certificate issued by a certificate authority. You can also change the cipher suites to be used.

If you already set up SSL on the Ops Center Analyzer server, including creating the certificates, go to step 2. Otherwise, start at step 1.
  1. Set up SSL on the Ops Center Analyzer server. For details, see “Configuring an SSL certificate (Analyzer server)” in the Hitachi Ops Center Analyzer Installation and Configuration Guide.
  2. Import the certificates into the Common Component truststore by running the following command:

    For Windows:

    Common-Component-installation-folder\bin\hcmds64keytool -import -alias
alias-name -keystore Common-Component-installation-folder\uCPSB11
\hjdk\jdk\lib\security\jssecacerts -file certificate-file -storetype JKS

    For Linux:

    Common-Component-installation-directory/uCPSB11/jdk/bin/keytool -import -alias alias-name -keystore Common-Component-installation-directory/uCPSB11/
hjdk/jdk/lib/security/jssecacerts -file certificate-file -storetype JKS

    To import the certificates in Java, ensure that the truststore password includes six or more characters. In addition, ensure that the new alias name does not conflict with an existing alias name. Since the certificates used vary depending on the environment and configuration, import either or both RSA and ECDSA certificates into the Common Component truststore based on the certificates available in the Ops Center Analyzer server.

  3. (Optional) If you want to change the cipher suites to be used for communication with the Ops Center Analyzer server, do the following:
    1. Open the config_user.properties file from the following location.
      In Windows (non-cluster): Automation-software-installation-folder\conf

      In Windows (cluster): shared-folder_name\Automation\conf

      In Linux: Automation-software-installation-directory/conf

    2. Edit the tls.client.cipherSuites line. If the tls.client.cipherSuites line does not exist, add it.

      One of the cipher suites in the tls.client.cipherSuites line is used in the communication. Specify the cipher suites you want to use in the tls.client.cipherSuites line. If there are multiple cipher suites you want to use, specify the cipher suites separated by commas.

      For available cipher suites, see Cipher suites supported as a client.

      For details about the tls.client.cipherSuites property, see Changing the system configuration.

  4. Restart the services by running the hcmds64srv command.