In the Common Services properties file, specify the settings for the signed server
certificate obtained from the certificate authority and the settings for the private
key.
Concatenate the signed server certificate obtained from the certificate authority
and the certificate from the intermediate certificate authority into a single file
as follows. If there are multiple certificates from intermediate certificate
authorities, concatenate all certificates in a chain.
awk 1 server-certificate-signed-by-certificate-authority certificate-from-an-intermediate-certificate-authority [certificate-from-an-intermediate-certificate-authority ...] > chained-server-certificate
-
Log in to the management server as the root user.
If you log in as an ordinary user, use the sudo command to complete the following procedure as the root
user.
-
Transfer the signed server certificate obtained from the certificate authority and the
private key to the management server in a secure manner.
-
Store the server certificate and the private key in the following
location:
/var/installation-directory-of-Common-Services/tls/
For example, for an OVA install uses the following directory:
/var/opt/hitachi/CommonService/tls/
-
In the following properties file, specify the absolute paths to the server certificate file
and private key file, and then save the file.
- Properties file location
- /var/installation-directory-of-Common-Services/userconf/config_user.properties
For example, for an OVA install uses the following
file:
/var/opt/hitachi/CommonService/userconf/config_user.properties
- Settings
-
- RSA settings:
CS_GW_SSL_CERTIFICATE=absolute-path-of-the-certificate-(RSA)-file
CS_GW_SSL_CERTIFICATE_KEY=absolute-path-of-the-private-key-(RSA)-file
- ECDSA settings:
CS_GW_SSL_CERTIFICATE_ECDSA=absolute-path-of-the-certificate-(ECDSA)-file
CS_GW_SSL_CERTIFICATE_KEY_ECDSA=absolute-path-of-the-private-key-(ECDSA)-file
-
If this is the first time configuring SSL, restart the Common Services
service.
Note: In an
environment where SSL communication settings have already been configured,
if you want to change the settings in
config_user.properties by adding ECDSA settings or
reissuing a server certificate, complete the following procedures to
configure SSL communication by configuring the settings for each product and
Common Services, and then restarting the Common Services service. If you
restart the Common Services service before configuring the settings, a
communication error might occur.