Creating a private key and a certificate signing request (SSL Setup tool)

Ops Center Installation and Configuration Guide

Version: 11.0.x
Part Number: MK-99OPS001-23
Use the SSL Setup tool to create a private key and a certificate signing request (CSR) for use with all Hitachi Ops Center products.
Note: If the certificate has expired or has been revoked by the certificate authority, you must renew it. Follow the procedure in this section to request a new certificate and overwrite the existing one. You must also perform the procedures in Configuring SSL server settings (SSL Setup tool) and Configuring SSL client settings and enabling certificate verification (SSL Setup tool).
  1. Log in to the management server as the root user.
    If you log in as an ordinary user, use the sudo command to complete the following procedure as the root user.
  2. Run the cssslsetup command, which is in the following location:
    If Common Services is installed on the management server:
    installation-directory-of-Common-Services/utility/bin
    If Common Services is not installed on the management server:
    directory-where-utility.tar-is-extracted/utility/bin

    The main menu is displayed:

    Main menu   Ver:cssslsetup-command-version
    1. Create certificate signing request and private key.
    2. Set up SSL server.
    3. Set up SSL client.
    4. Enable/disable certificate verification(optional).
    5. Restart services for each product.
    Enter a number or q to quit:
  3. Enter 1. You are prompted to provide the required certificate information:
    • Absolute path to the file where the shared private key is output
    • Absolute path to the file where the CSR is output
    • Signature algorithm for RSA
    • Key size
    • Host name (CN)
    • Organizational unit (OU)
    • Organization name (O)
    • Name of the city or locality (L)
    • Name of the state or province (ST)
    • 2-letter country code (C)
    • Host name (or FQDN), IP address or both of SubjectAltName
    Note: If you use the certificate to enable SSL encryption for real-time data collection in the Analyzer detail view server, enter the IP address for SubjectAltName, and have the certificate issued so that it includes that IP address in the SubjectAltName field.
  4. Make sure that the settings are correct. If they are correct, enter 1. Yes.
    If you want to specify the settings again, enter 2. No (Cancel) to return to the main menu.
  5. When the CSR is successfully created, the results are displayed and the main menu reappears. To exit, enter q.
  6. Retrieve the CSR from the directory that you specified when creating the request, and submit it to the certificate authority to request a signed certificate.
    For details, follow the procedure provided by the certificate authority.
  7. After obtaining the server certificate signed by the certificate authority, run the following command to check the results:

    If Common Services is installed on the management server:

    installation-directory-of-Common-Services/openssl/bin/openssl x509 -text -in full-path-of-the-certificate-file

    If Common Services is not installed on the management server:

    directory-where-utility.tar-is-extracted/utility/lib/openssl/bin/openssl x509 -text -in full-path-of-the-certificate-file
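The `-text` output in step 7 has to be read by eye. The following script is an added example, not part of the vendor guide or the SSL Setup tool. It checks that the issued certificate carries the same public key as the private key and CSR from step 3, has not expired, and covers each expected SubjectAltName entry. The function names, the `OPENSSL` variable, the file names, and the sample host name and IP address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Set OPENSSL to the bundled binary from
# step 7 if desired; by default the openssl on PATH is used.
OPENSSL="${OPENSSL:-openssl}"

# pub_hash key|csr|cert FILE: SHA-256 of the public key held in FILE.
pub_hash() {
  pem=$(case "$1" in
    (key)  "$OPENSSL" pkey -in "$2" -pubout ;;
    (csr)  "$OPENSSL" req  -in "$2" -noout -pubkey ;;
    (cert) "$OPENSSL" x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null) && [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | "$OPENSSL" dgst -sha256 | awk '{print $NF}'
}

# check_cert KEY CSR CERT [SAN...]: returns 0 only if every check passes.
check_cert() {
  key=$1 csr=$2 cert=$3; shift 3; rc=0
  k=$(pub_hash key "$key"); r=$(pub_hash csr "$csr"); c=$(pub_hash cert "$cert")
  [ -n "$c" ] && [ "$c" = "$k" ] || { echo "FAIL: certificate does not match the private key"; rc=1; }
  [ -n "$c" ] && [ "$c" = "$r" ] || { echo "FAIL: certificate does not match the CSR"; rc=1; }
  # -checkend 0 exits non-zero when the certificate has already expired.
  "$OPENSSL" x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL: certificate expired or unreadable"; rc=1; }
  for san in "$@"; do
    case "$san" in
      (*:*)       opt=-checkip ;;    # IPv6 literal
      (*[!0-9.]*) opt=-checkhost ;;  # host name or FQDN
      (*)         opt=-checkip ;;    # dotted IPv4
    esac
    "$OPENSSL" x509 -in "$cert" -noout "$opt" "$san" 2>/dev/null |
      grep -q "does match certificate" ||
      { echo "FAIL: $san is not in SubjectAltName"; rc=1; }
  done
  [ "$rc" -eq 0 ] && echo "OK: $cert"
  return "$rc"
}

# make_sample DIR: constructed test material (made-up host name and IP): a key,
# a CSR, and a self-signed stand-in for the CA-issued certificate.
make_sample() {
  printf 'subjectAltName=DNS:ops.example.com,IP:192.0.2.10\n' > "$1/san.cnf"
  "$OPENSSL" req -newkey rsa:2048 -nodes -subj "/CN=ops.example.com" \
    -keyout "$1/key.pem" -out "$1/csr.pem" 2>/dev/null &&
  "$OPENSSL" x509 -req -in "$1/csr.pem" -signkey "$1/key.pem" -days 1 \
    -extfile "$1/san.cnf" -out "$1/cert.pem" 2>/dev/null
}

# Real files are checked when KEY CSR CERT [SAN...] are given as arguments.
if [ "$#" -ge 3 ]; then check_cert "$@"; fi
```

Run it with the key and CSR paths entered in step 3, the certificate returned by the certificate authority, and the SubjectAltName values you requested. A non-zero exit status means at least one check failed.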