HP IAP Version 2.0 Administrator Guide (July 2008)
1. Create a certificate signing request (CSR) for the PCC:
a. Log in to the PCC Web interface and go General Configuration > SSL Configuration.
b. Complete the CSR generation form.
c. Log out of the PCC Web interface.
This generates two files on the PCC:
• /opt/keys/pccCert.pem (the certificate request)
• /opt/keys/pcckey.pem (the RSA private key)
2. Manua lly copy the certi ficate request file to your local machine:
scp root@[external ip address of PCC]:/opt/keys/pccCert.pem
3. Send the certificate request to a certificate authority (CA) such as VeriSign for signing.
Follow the instructions provided by your CA.
4. Import the certificate you receive from the CA into the IAP PCC:
a. Store the certificate from the C A on your local machine (for example, as pccCertSigned.pem).
b. Copy the certificate to the PCC:
scp pccCertSigned.pem root@[external ip address of PCC]:/opt/keys/
pccCertSigned.pem
5. Import the certificate into the PCC’s Apache server:
usr/local/bin/ssl_cert_update.pl -pcc -cert /opt/keys/pccCertSigned.pem
-key /opt/keys/pcckey.pem
6. Restart the PCC’s Apache server by issuing the following command:
/etc/init.d/httpd restart
Installing and generating a certificate on the HTTP portals
Follow these steps to install a certificate on the IAP HTTP portals.
1. Create a c
ertifica te signing request (CSR) for the HTTP portals:
a. Log in to the PCC Web interface and go General Configuration > SSL Configuration.
b. Complete the CSR generation form.
c. Log out of the PCC Web interface.
This generates two files on the PCC:
• /opt/ke
ys/httpCert.pm (the certificate request)
• /opt/keys/httpkey.pem (the RSA private key)
2. Manua lly copy the certi ficate request file to your local machine:
scp roo
t@[external ip address of PCC]:/opt/keys/httpCert.pm
3. Send the certificate request to a certificate authority (CA) such as VeriSign for signing.
Follow the instructions provided by your CA.
4. Import
the certificate you receive from the CA into the IAP PCC:
a. Store the certificate from the CA on your local machine ( for example, as
httpCertSigned.pem).
b. Copy t
he certificate to the PCC:
scp httpCertSigned.pem root@[external ip address of PCC]:/opt/keys/
httpCertSigned.pem
Administrator Guide
39