Configuring SSL server settings (SSL Setup tool)

Ops Center Installation and Configuration Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99OPS001-23
Use the SSL Setup tool to specify the server certificate and the private key for the Hitachi Ops Center products on the management server.
Note: When configuring SSL server settings on multiple management servers, use the SSL Setup tool on each management server.
  1. Log in to the management server as the root user.
    If you log in as an ordinary user, use the sudo command to complete the following procedure as the root user.
  2. Run the cssslsetup command, which is in the following location:
    If Common Services is installed on the management server:
    installation-directory-of-Common-Services/utility/bin
    If Common Services is not installed on the management server:
    directory-where-utility.tar-is-extracted/utility/bin

    The main menu is displayed:

    Main menu   Ver:cssslsetup-command-version
    1. Create certificate signing request and private key.
    2. Set up SSL server.
    3. Set up SSL client.
    4. Enable/disable certificate verification(optional).
    5. Restart services for each product.
    Enter a number or q to quit:
  3. Enter 2.
    A list of installed products appears.
  4. Specify the target products for which you want to configure the SSL server.
    Use commas to specify multiple products.
  5. Enter an absolute path to the file where the shared private key is located.
  6. Enter an absolute path to the file where the shared server certificate is located.
  7. Specify whether the server certificate specified is issued by an intermediate certificate authority.
    Note: If you specified a server certificate issued by an intermediate certificate authority, create a certificate file by appending -chained to the file name. Do not delete this file.
  8. If you specified yes in step 7, specify the absolute path of the certificate of the intermediate certificate authority.
  9. To specify settings for Analyzer detail view, Analyzer probe server, or API Configuration Manager, use an absolute path for the root certificate of the server certificate for use with all Hitachi Ops Center products.
  10. In the following cases, enter the host name specified when creating the CSR.
    • If you specify settings for Automator
    • If you specify settings for Analyzer
    • If you specify settings for the RAID Agent on the Analyzer probe server
  11. To specify settings for Administrator, enter the port number.
  12. To specify settings for Administrator, enter the Virtual Appliance Manager credentials.
    The default credentials of the Virtual Appliance Manager are described in the Hitachi Ops Center Administrator Getting Started Guide.
  13. To specify settings for Analyzer detail view or Analyzer probe server, enter a common password for the truststore, keystore, and key manager.
  14. To specify settings for real time data collection of Analyzer detail view, select 1. Yes.
    1. To specify settings, enter a common password for the truststore and keystore.
      The default password is changeit. To set a password other than changeit, in the following step, select 1. Yes.
    2. When entering the password, if you entered a password other than the default, select 1. Yes.
      If you selected 1. Yes, in order to set the password, real time data collection services of Analyzer detail view will be stopped.
  15. In the following cases, when ECC encryption certificate settings are enabled, specify whether to leave these settings enabled.
    • If you specify settings for Automator
    • If you specify settings for Analyzer
    • If you specify settings for the RAID Agent on the Analyzer probe server
  16. If you specify settings for the Analyzer Virtual Storage Software Agent, import the server certificate to be shared.
    1. Specify an absolute path to the file where the keystore that imports the server certificate is located.
    2. Specify the password for the keystore.
    3. Enter the alias name (server identification name).
  17. To implement the SSL server settings, enter 1. Yes.

    After the settings are implemented, a message is displayed and the main menu reappears.

  18. Enter 5 to restart the services for each product.
    Note: If you want to use the real time data collection of Analyzer detail view, restart the Analyzer detail view services. You must also configure the SSL client settings for the Analyzer probe server. For details, see the Configuring SSL client settings and enabling certificate verification (SSL Setup tool).