HP HPE VAN SDN Controller 2.7 - Page 111

231 pages
1. From the Configurations screen of the controller UI, do the following:
a. In the Advanced tab of the Configurations screen, select each of the following
components and change the value of the selfsigned key to false:
com.hp.sdn.api.impl.AlertPostManager
com.hp.sdn.misc.AdminRestComponent
com.hp.sdn.misc.ServiceRestComponent
b. Select the com.hp.sdn.adm.mgr.impl.hpws.HpwsInstallManager configurable
component and ensure that the following keys have the values indicated in the following
table:
Key                   Value
keystore              /opt/sdn/admin/keystore
keystore.password     password is not displayed (ENC())
selfsigned            false
truststore            /opt/sdn/admin/truststore
truststore.password   password is not displayed (ENC())
2. Log in to the system running the SDN Controller as the sdn user and stop the controller.
sudo service sdna stop
3. Back up your default /opt/sdn/admin/keystore and /opt/sdn/admin/truststore
to a safe location.
The Java keytool utility is used to create the new keystore and the CSR. It is
located at /opt/sdn/openjdk8-jre/bin/keytool.
4. As the sdn user, create a new keystore using the following commands:
cd /opt/sdn/admin
rm keystore truststore
/opt/sdn/openjdk8-jre/bin/keytool -genkey -alias serverKey -keyalg rsa -keysize 2048 -keystore keystore
To support teaming, you must enter an IP address as the common name, which keytool
requests with its first and last name question.
5. Generate a CSR (Certificate Signing Request) for signing:
/opt/sdn/openjdk8-jre/bin/keytool -keystore keystore -certreq -alias serverKey -keyalg rsa -file sdn-server.csr
6. Send the sdn-server.csr to a CA to be signed.
The CA will authenticate you and return a signed certificate and its CA certificate chain. We
assume the signed certificate from the CA is named signed.cer and the CA's certificate
is root.cer. If root.cer is from your own internal CA, then you need to import root.cer
into your browser as an authority.
7. Import the signed certificates into your keystore and truststore as follows.
Import the root.cer certificate into your keystore and truststore:
/opt/sdn/openjdk8-jre/bin/keytool -importcert -trustcacerts -keystore keystore -file root.cer -alias CARoot
/opt/sdn/openjdk8-jre/bin/keytool -importcert -trustcacerts -keystore truststore -file root.cer -alias CARoot
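Before signed.cer is imported, it is worth confirming that it was issued for the key behind sdn-server.csr, that it chains to root.cer, and that its common name is an IP address as teaming requires. The following script is an added example, not part of the HPE manual; it assumes openssl is installed on the host, that the three files are PEM encoded and that the address is IPv4, and its function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the HPE manual. Assumes openssl is installed and
# that signed.cer, root.cer and sdn-server.csr are PEM encoded.

# Print the CN from an openssl or keytool subject line.
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p' | sed 's/ *$//'
}

# Succeed only for a dotted-quad IPv4 address (IPv6 is not handled here).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed when the certificate ($1) carries the public key of the CSR ($2).
same_public_key() {
    cert_key=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    csr_key=$(openssl req -in "$2" -noout -pubkey) || return 1
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# Usage: check_signed_cert signed.cer sdn-server.csr root.cer
check_signed_cert() {
    same_public_key "$1" "$2" ||
        { echo "FAIL: $1 was not issued for the key in $2"; return 1; }
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo "FAIL: $1 does not chain to $3"; return 1; }
    cn=$(subject_cn "$(openssl x509 -in "$1" -noout -subject)")
    is_ipv4 "$cn" ||
        { echo "FAIL: subject CN '$cn' is not an IPv4 address"; return 1; }
    echo "OK: $1 matches $2, chains to $3, CN=$cn"
}

# Run the checks only when three file arguments are supplied.
if [ "$#" -eq 3 ]; then
    check_signed_cert "$@"
fi
```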
Changing the default controller keystore and truststore to use CA signed certificates 111
