Use the SSL Setup tool to specify the server certificate and the private key
for the Hitachi Ops Center products
on the management server.
Note: When
configuring SSL server settings on multiple management servers, use the SSL Setup tool on
each management server.
-
Log in to the management server as the root user.
If you log in as an ordinary user, use the sudo command to complete the following procedure as the root user.
-
Run the cssslsetup command, which is in the
following location:
- If Common Services is installed on the management server:
- installation-directory-of-Common-Services/utility/bin
- If Common Services is not installed on the management server:
- directory-where-utility.tar-is-extracted/utility/bin
The main menu is displayed:
Main menu Ver:cssslsetup-command-version 1. Create certificate signing request and private key. 2. Set up SSL server. 3. Set up SSL client. 4. Enable/disable certificate verification(optional). 5. Restart services for each product. Enter a number or q to quit:
-
Enter 2.
A list of installed products appears.
-
Specify the target products for which you want to configure the SSL
server.
Use commas to specify multiple products.
- Enter an absolute path to the file where the shared private key is located.
- Enter an absolute path to the file where the shared server certificate is located.
-
Specify whether the server certificate specified is issued by an intermediate
certificate authority.
Note: If you specified a server certificate issued by an intermediate certificate authority, create a certificate file by appending -chained to the file name. Do not delete this file.
- If you specified yes in step 7, specify the absolute path of the certificate of the intermediate certificate authority.
- To specify settings for Analyzer detail view, Analyzer probe server, or API Configuration Manager, use an absolute path for the root certificate of the server certificate for use with all Hitachi Ops Center products.
-
In the following cases,
enter the host name specified when creating the CSR.
- If you specify settings for Automator
- If you specify settings for Analyzer
- If you specify settings for the RAID Agent on the Analyzer probe server
- To specify settings for Administrator, enter the port number.
-
To specify settings for Administrator, enter the Virtual Appliance Manager credentials.
The default credentials of the Virtual Appliance Manager are described in the Hitachi Ops Center Administrator Getting Started Guide.
- To specify settings for Analyzer detail view or Analyzer probe server, enter a common password for the truststore, keystore, and key manager.
-
To specify settings for real time data collection of Analyzer detail view, select
1. Yes.
-
To specify settings, enter a common password for the truststore and
keystore.
The default password is changeit. To set a password other than changeit, in the following step, select 1. Yes.
-
When entering the password, if you entered a password other than the
default, select 1. Yes.
If you selected 1. Yes, in order to set the password, real time data collection services of Analyzer detail view will be stopped.
-
To specify settings, enter a common password for the truststore and
keystore.
-
In the following cases,
when ECC encryption certificate settings are enabled, specify whether to leave
these settings enabled.
- If you specify settings for Automator
- If you specify settings for Analyzer
- If you specify settings for the RAID Agent on the Analyzer probe server
-
If you specify settings for the Analyzer Virtual
Storage Software Agent, import the server certificate to be shared.
- Specify an absolute path to the file where the keystore that imports the server certificate is located.
- Specify the password for the keystore.
- Enter the alias name (server identification name).
-
To implement the SSL server settings, enter 1. Yes.
After the settings are implemented, a message is displayed and the main menu reappears.
-
Enter 5 to restart the services for each product.
Note: If you want to use the real time data collection of Analyzer detail view, restart the Analyzer detail view services. You must also configure the SSL client settings for the Analyzer probe server. For details, see the Configuring SSL client settings and enabling certificate verification (SSL Setup tool).