Import the root certificate of the server certificate for
Common Services and for each product into the Common Services truststore. If the system is
linked with an Active Directory, LDAP, or identity provider server, you can also import the
root certificates of these server certificates.
Transfer the certificates to the management server in a secure manner.
-
Log in to the management server as the root user.
If you log in as an ordinary user, use the sudo command to complete the following procedure as the root
user.
-
Run the following command to import the root certificate of the server
certificate for Common Services into the truststore.
In some cases, the certificate might already be imported.
- Format
keytool -importcert -alias alias-name -keystore path-to-truststore-file -file path-of-the-certificate-to-be-imported
- Options
-
- -alias alias-name
- Specify the name so that the certificate
can be identified in the truststore.
- -keystore path-to-truststore-file
Specify the following absolute path as the path to the
truststore file:
/var/installation-directory-of-Common-Services/tls/cacerts
For example, for an OVA install uses the
following file:
/var/opt/hitachi/CommonService/tls/cacerts
Note: When you
run the command, you will be asked to enter a password.
The default password for the truststore is
changeit. We recommend that you
change the password.
- -file path-of-the-certificate-to-be-imported
- Specify the absolute path of the certificate to import.
-
In the same way, import the root certificate of the server certificate for
each product into the truststore.
-
When you use LDAPS for communication with the Active Directory or LDAP server, import the
root certificate of the server certificate for the Active Directory or LDAP
server.
-
If you link Common Services with an identity provider, import the root certificate of the server certificate for the identity provider server.
-
Restart the Common Services service and the services for each product.