- To configure real time data collection for the Analyzer probe server, create the client.truststore.jks file on the Analyzer detail view server in advance, and then copy it to /usr/local/megha/conf/kafka on the Analyzer probe server. For details, see the Analyzer manual.
- To configure SSL communications between the RAID Agent on the Analyzer probe server and your storage systems, create an instance environment in advance. For details, see the Analyzer manual.
-
Log in to the management server as the root user.
If you log in as an ordinary user, use the sudo command to complete the following procedure as the root user.
-
Run the cssslsetup command, which is in the
following location:
- If Common Services is installed on the management server:
- installation-directory-of-Common-Services/utility/bin
- If Common Services is not installed on the management server:
- directory-where-utility.tar-is-extracted/utility/bin
The main menu is displayed:
Main menu Ver:cssslsetup-command-version 1. Create certificate signing request and private key. 2. Set up SSL server. 3. Set up SSL client. 4. Enable/disable certificate verification(optional). 5. Restart services for each product. Enter a number or q to quit:
- Enter 3.
-
Specify the target products for which you want to configure SSL client
settings.
Use commas to specify multiple products.
-
Import the root certificate for common use.
If you only want to configure the settings for linking with Active Directory, LDAP, or an AD FS server, press Enter without specifying anything.Note: You must import the root certificate of the server certificate for Common Services.
- Specify an absolute path to the file where the root certificate is located.
- When the truststore file name is displayed, enter the truststore password. However, the truststore file name is not displayed for Analyzer viewpoint.
-
Enter the alias name (server identification name).
If you specify an alias name that is already used for the truststore, you are asked whether you want to re-register the alias name. Alias names are not case-sensitive. Run the following command to verify the alias name:
keytool -v -list -keystore path-to-truststore-file
-
Import the server certificate or the root certificate of the product that
establishes SSL communication with the Analyzer probe server.
- Specify an absolute path to the file where the server certificate or the root certificate of the target product is located.
- When the truststore file name is displayed, enter the truststore password.
-
Enter the alias name (server identification name).
If you specify an alias name that is already used for the truststore, you are asked whether you want to re-register the alias name. Alias names are not case-sensitive. Run the following command to verify the alias name:
keytool -v -list -keystore path-to-truststore-file
- If you have other certificates to import, enter 1. Yes. If not, enter 2. No.
- Repeat this procedure until you finish importing all certificates for products that require SSL communications. For the second time and later, you do not need to enter the truststore password.
-
If you are configuring settings for Analyzer Virtual
Storage Software Agent, import the root certificate of VSP One SDS Block.
- Specify an absolute path to the file where the root certificate of VSP One SDS Block is located.
- When the truststore file name is displayed, enter the truststore password.
-
Enter the alias name (server identification name).
If you specify an alias name that is already used for the truststore, you are asked whether you want to re-register the alias name. Alias names are not case-sensitive. Run the following command to verify the alias name:
keytool -v -list -keystore path-to-truststore-file
-
If you want to link with Active Directory, LDAP, or an AD FS server, import the
certificate associated with the server.
-
Enter, as an absolute path, the file name of the certificate for the
Active Directory, LDAP, or AD FS server.
If you do not want to link with Active Directory, LDAP, or AD FS server, just press Enter.
- When the truststore file name is displayed, enter the truststore password.
-
Enter the alias name (server identification name).
If you specify an alias name that is already used for the truststore, you are asked whether you want to re-register the alias name. Alias names are not case-sensitive. Run the following command to verify the alias name:
keytool -v -list -keystore path-to-truststore-file
-
Enter, as an absolute path, the file name of the certificate for the
Active Directory, LDAP, or AD FS server.
-
For API Configuration Manager, configure SSL communications with your storage systems.
- If you want to configure SSL communications, enter 1. Yes.
- Enter the storage device ID of the target storage system and use an absolute path for the server certificate.
- To configure SSL communications for additional storage systems, enter 1. Yes. If not, enter 2. No.
- Repeat this procedure until you finish registering all your storage systems.
-
If you use the on-demand real time monitoring of Analyzer detail view, configure
SSL communications for the Analyzer detail view server
and the RAID Agent server.
To configure the settings, perform the following steps:
- Enter 1. Yes.
- When the truststore file name is displayed, specify the truststore password.
-
Enter the alias name (server identification name).
If you specify an alias name that is already used for the truststore, you are asked whether you want to re-register the alias name. Alias names are not case-sensitive. Run the following command to verify the alias name:
keytool -v -list -keystore path-to-truststore-file
- Enter the file name of the server certificate of the target RAID Agent server by using the absolute path.
- To configure SSL communications for an additional RAID Agent server, enter 1. Yes. If not, enter 2. No.
- Repeat this procedure until you finish registering all your RAID Agent servers.
-
Configure SSL communications between the RAID Agent on the Analyzer probe server and your
storage systems. Create a truststore for the instance environment of the RAID
Agent, and then import the storage system certificates into the
truststore.
-
Select the instance environment to configure.
To specify multiple instance environments, separate the instance environments with commas.Note: If a truststore file already exists, it is deleted and a new truststore file is created.
- When the truststore name for the instance environment is displayed, enter the file name of the storage system certificate to be imported by using the absolute path.
- Enter the truststore password.
- Enter the alias name (server identification name).
- If you selected multiple instance environments, repeat this procedure for each instance environment until you finish importing all the certificates.
-
Select the instance environment to configure.
- If you are configuring real time data collection for the Analyzer probe server, enter 1. Yes.
-
Specify whether to enable certificate verification.
Note: If you want to enable certificate verification, you must import the certificate. Perform steps 5 to 12.
Even if you disable certificate verification, if you are using Common Services to link with Active Directory, an LDAP server, or an ID provider, you must import the root certificate of the server to which you are linking to perform authentication.
-
To implement the SSL client settings, enter 1. Yes.
After the settings are implemented, a message is displayed and the main menu reappears.
- Enter 5 to restart the services for each product.