Setting the path information for the server certificate and private key

Ops Center Installation and Configuration Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99OPS001-23

In the Common Services properties file, specify the settings for the signed server certificate obtained from the certificate authority and the settings for the private key.

Concatenate the signed server certificate obtained from the certificate authority and the certificate from the intermediate certificate authority into a single file as follows. If there are multiple certificates from intermediate certificate authorities, concatenate all certificates in a chain.

awk 1 server-certificate-signed-by-certificate-authority certificate-from-an-intermediate-certificate-authority [certificate-from-an-intermediate-certificate-authority ...] > chained-server-certificate
  1. Log in to the management server as the root user.
    If you log in as an ordinary user, use the sudo command to complete the following procedure as the root user.
  2. Transfer the signed server certificate obtained from the certificate authority and the private key to the management server in a secure manner.
  3. Store the server certificate and the private key in the following location:

    /var/installation-directory-of-Common-Services/tls/

    For example, for an OVA install uses the following directory:

    /var/opt/hitachi/CommonService/tls/

  4. In the following properties file, specify the absolute paths to the server certificate file and private key file, and then save the file.
    Properties file location
    /var/installation-directory-of-Common-Services/userconf/config_user.properties

    For example, for an OVA install uses the following file:

    /var/opt/hitachi/CommonService/userconf/config_user.properties

    Settings
    • RSA settings:
      CS_GW_SSL_CERTIFICATE=absolute-path-of-the-certificate-(RSA)-file
      CS_GW_SSL_CERTIFICATE_KEY=absolute-path-of-the-private-key-(RSA)-file
    • ECDSA settings:
      CS_GW_SSL_CERTIFICATE_ECDSA=absolute-path-of-the-certificate-(ECDSA)-file
      CS_GW_SSL_CERTIFICATE_KEY_ECDSA=absolute-path-of-the-private-key-(ECDSA)-file
  5. If this is the first time configuring SSL, restart the Common Services service.
    Note: In an environment where SSL communication settings have already been configured, if you want to change the settings in config_user.properties by adding ECDSA settings or reissuing a server certificate, complete the following procedures to configure SSL communication by configuring the settings for each product and Common Services, and then restarting the Common Services service. If you restart the Common Services service before configuring the settings, a communication error might occur.