Configuring SSL communications by using the SSL Setup tool

Ops Center Installation and Configuration Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99OPS001-23

The following figure shows the workflow for configuring SSL communications by using the SSL Setup tool (cssslsetup command).

The following Hitachi Ops Center products can be configured for SSL communications by using the cssslsetup command:

  • Hitachi Ops Center Common Services
  • Hitachi Ops Center Automator
  • Hitachi Ops Center Analyzer
  • Hitachi Ops Center Analyzer detail view
  • Hitachi Ops Center Analyzer viewpoint
  • Hitachi Ops Center Analyzer probe server
  • Hitachi Ops Center Analyzer Virtual Storage Software Agent
  • Hitachi Ops Center Administrator
  • Hitachi Ops Center Protector (Master)
  • Hitachi Ops Center API Configuration Manager
Note:
  • You can use the SSL Setup tool for products for which a supported version is installed. If the installed version is not supported, upgrade the product and then use the tool. For details on the versions of each product supported by the SSL Setup tool, see the Hitachi Ops Center Release Notes.
  • If API Configuration Manager is installed by a user other than the root user, it is not displayed in the list and SSL communications cannot be configured. Configure the settings manually as described in the Hitachi Ops Center API Configuration Manager REST API Reference Guide.
  • When specifying a certificate for the cssslsetup command, specify the certificate in the X.509 PEM format. Make sure that the certificate file specified for the cssslsetup command contains only text between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. If the file contains any other text, attempts to set the certificate might fail.

You can run the cssslsetup command on each management server. For a management server where Common Services is not installed or the Analyzer probe server, obtain the cssslsetup command from the installation media. The storage locations of the cssslsetup command are as follows:

  • If Common Services is installed on the management server:

    The cssslsetup command is located

    installation-directory-of-Common-Services/utility/bin

  • If Common Services is not installed on the management server:

    Expand utility.tar from the installation media.

    Storage locations of utility.tar:

    • root-directory-of-the-Common-Services-installation-media/utility.tar
    • root-directory-of-the-Server-Express-installer-media/COMMONSERVICES/utility.tar
    • root-directory-of-the-Client-Express-installer-media/COMMONSERVICES/utility.tar

    The cssslsetup command is located

    The cssslsetup command is stored in the following location after the files are extracted from utility.tar:

    directory-where-utility.tar-is-extracted/utility/bin

The following settings are not configured by the cssslsetup command:

  • Settings using both RSA and Elliptic Curve Digital Signature Algorithm (ECDSA) as public key encryption algorithms

    For details on how to set up such a configuration, see the procedure described in Configuring SSL communications without using the SSL Setup tool.

  • Settings for storage systems and Active Directory, LDAP, and identity provider servers
  • Settings for the Protector clients

    Configure these settings as necessary by referring to the manual for Protector.