Manualshelf

HP 3PAR Policy Server Installation and Setup Guide (QR483-96004, December 2012)

ManualsBrandsHP ManualsComputer AccessoriesHP 3PAR 10000 Operating System Software Suite Base Single Use Upgrade E-LTU
21222324252627282930
E Configuring the Policy Sever for SSL by Using an Existing
Certificate Infrastructure
For environments that have an existing certificate infrastructure, configuring the Policy Sever for
SSL requires the following procedures:
Create a Certificate Signing Request (CSR).
Using the CSR, have a Certificate Authority (CA) create an SSL certificate for the server.
Install the new certificate in the Policy Server keystore.
Install the CA certificate in the Policy Server keystore.
NOTE: SSL certificate provisioning will vary across environments. The following example uses
OpenSSL as a certificate infrastructure. This example is intended only as a reference.
1. Using OpenSSL, create an internal Certificate Authority. For more information, see http://
www.openssl.org/docs/apps/CA.pl.html.
2. Create a directory for the keystore file to reside in, as shown in the following example:
C:\>mkdir c:\hp-3par
C:\>
3. Change to the directory where the keystore file resides.
4. Using the keytool.exe command that is installed with the HP 3PAR Policy Server, generate
a key for the server, as shown in the following example.
NOTE: The keystore file is created when you run the keytool.exe command.
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -genkey -alias tomcat
-keyalg RSA -keysize 1048 -keystore c:\hp-3par\keystore-ps
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: 10.112.10.196
What is the name of your organizational unit?
[Unknown]: ST
What is the name of your organization?
[Unknown]: 3PAR
What is the name of your City or Locality?
[Unknown]: Fremont
What is the name of your State or Province?
[Unknown]: CA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=10.112.10.196, OU=ST, O=3PAR, L=Fremont, ST=CA, C=US correct?
[no]: yes
Enter key password for < tomcat >
(RETURN if same as keystore password):
Re-enter new password:
5. Create a Certificate Signing Request (CSR) for the Policy Server:
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -certreq -alias tomcat
-file c:\hp-3par\tomcat.csr -keystore c:\hp-3par\keystore-ps
Enter keystore password:
30 Configuring the Policy Sever for SSL by Using an Existing Certificate Infrastructure