Use the SSL Setup tool to create a private key and a certificate signing
request (CSR) for use with all
Hitachi Ops Center products.
-
Log in to the management server as the root user.
If you log in as an ordinary user, use the sudo command to complete the following procedure as the root
user.
-
Run the cssslsetup command, which is in the
following location:
- If Common Services is
installed on the management server:
- installation-directory-of-Common-Services/utility/bin
- If Common Services is not
installed on the management server:
- directory-where-utility.tar-is-extracted/utility/bin
The main menu is displayed:
Main menu Ver:cssslsetup-command-version
1. Create certificate signing request and private key.
2. Set up SSL server.
3. Set up SSL client.
4. Enable/disable certificate verification(optional).
5. Restart services for each product.
Enter a number or q to quit:
-
Enter 1. You are prompted to provide the required
certificate information:
- Absolute path to the file where the shared private key is
output
- Absolute path to the file where the CSR is output
- Signature algorithm for RSA
- Key size
- Host name (CN)
- Organizational unit (OU)
- Organization name (O)
- Name of the city or locality (L)
- Name of the state or province (ST)
- 2-letter country code (C)
- Host name (or FQDN), IP address or both of
SubjectAltName
Note: When you use the certificate for enabling SSL encryption for
real time data collection in the Analyzer detail view server, enter the IP address of SubjectAltName and issue a
certificate that includes the IP address specified in the SubjectAltName
field.
-
Make sure that the settings are correct. If they are correct, enter
1. Yes.
If you want to specify the settings again, enter 2. No
(Cancel) to return to the main menu.
-
When the CSR is successfully created, the results are displayed and the main
menu reappears. To exit, enter q.
-
Access the CSR from the directory that you specified when creating the request
and submit the CSR to the certificate authority requesting that they issue a
signed certificate.
For details, follow the procedure provided by the certificate
authority.
-
After obtaining the server certificate signed by the certificate authority, run
the following command to check the results:
If Common Services is installed on the management server:
installation-directory-of-Common-Services/openssl/bin/openssl x509 -text -in full-path-of-the-certificate-file
If Common Services is not installed on the management server:
directory-where-utility.tar-is-extracted/utility/lib/openssl/bin/openssl x509 -text -in full-path-of-the-certificate-file