HP HPE VAN SDN Controller 2.7 - SDN Controller Keystore and Truststore Locations and Passwords; Encryption

231 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Import the root-int.cer certificate into your keystore and truststore.

/opt/sdn/openjdk8-jre/bin/keytool -importcert -trustcacerts -keystore

keystore -file root-int.cer -alias CARoot

/opt/sdn/openjdk8-jre/bin/keytool -importcert -trustcacerts -keystore

truststore -file root-int.cer -alias CARoot

If you do not have an intermediate root-int.cer file, then instead use a different alias

such as CARootInt. For example:

/opt/sdn/openjdk8-jre/bin/keytool -importcert -trustcacerts -keystore

keystore -file root-int.cer -alias CARootInt

/opt/sdn/openjdk8-jre/bin/keytool -importcert -trustcacerts -keystore

truststore -file root-int.cer -alias CARootInt

8. Replace your self-signed certificate in your serverKey entry with the signed certificate from

your CA signed.cer.

/opt/sdn/openjdk8-jre/bin/keytool -importcert -keystore keystore

-file signed.cer -alias serverKey

9. Add the certificate from your CA to Linux trusted certs using root. The following is an example:

root@sdnctl1:/opt/sdn/admin# cp cacert.pem

/usr/local/share/ca-certificates/cacert.crt

root@sdnctl1:/opt/sdn/admin# update-ca-certificates

The following is an example of what you will see displayed during this process:

Updating certificates in /etc/ssl/certs...

1 added, 0 removed; done

Running hooks in /etc/ca-certificates/update.d...

Adding debian:cacert.pem

done.

done.

root@sdnctl1:/opt/sdn/admin#

10. Start the controller.

sudo service sdna start

SDN Controller keystore and truststore locations and passwords

The SDN Controller keystore and truststore are referenced by the following configurable

components:

• com.hp.sdn.api.impl.AlertPostManager

• com.hp.sdn.misc.AdminRestComponent

• com.hp.sdn.misc.ServiceRestComponent

• com.hp.sdn.adm.mgr.impl.hpws.HpwsInstallManager

The values for keystore and keystore.password contain the keystore location and encrypted

keystore password respectively. The values for truststore and truststore.password

contain the truststore location and encrypted truststore password respectively. The keystore and

truststore location and password for each component must match the configured keystore and

truststore location and password.

Encryption

Sensitive information such as tokens and passwords are stored encrypted on the SDN Controller.

However, to encrypt and decrypt these properties, the controller requires a master key that is

112 Security

Table of Contents

Related product manuals

Preview: HP HPE MR Gen11

HP HPE MR Gen11

Preview: HP P420

Preview: HP 4400

Preview: HP MSM7XX

Preview: HP MSM720

Preview: HP E-MSM720

Preview: HP MR Gen10 Plus

HP MR Gen10 Plus

Preview: HP 9000 300 Series

HP 9000 300 Series

Preview: HP Smart Array P830

HP Smart Array P830

Preview: HP Smart Array P800

HP Smart Array P800

Preview: HP StorageWorks P2000

HP StorageWorks P2000