Manualshelf

HP IAP Version 2.0 Administrator Guide (July 2008)

ManualsBrandsHP ManualsSoftwareHP RISS Domino Archiving Gateway
31323334353637383940
1. Create a certicate signing request (CSR) for the PCC:
a. Log in to the PCC Web interface and go General Conguration > SSL Conguration.
b. Complete the CSR generation form.
c. Log out of the PCC Web interface.
This generates two les on the PCC:
/opt/keys/pccCert.pem (the certicate request)
/opt/keys/pcckey.pem (the RSA private key)
2. Manua lly copy the certi cate request le to your local machine:
scp root@[external ip address of PCC]:/opt/keys/pccCert.pem
3. Send the certicate request to a certicate authority (CA) such as VeriSign for signing.
Follow the instructions provided by your CA.
4. Import the certicate you receive from the CA into the IAP PCC:
a. Store the certicate from the C A on your local machine (for example, as pccCertSigned.pem).
b. Copy the certicate to the PCC:
scp pccCertSigned.pem root@[external ip address of PCC]:/opt/keys/
pccCertSigned.pem
5. Import the certicate into the PCC’s Apache server:
usr/local/bin/ssl_cert_update.pl -pcc -cert /opt/keys/pccCertSigned.pem
-key /opt/keys/pcckey.pem
6. Restart the PCC’s Apache server by issuing the following command:
/etc/init.d/httpd restart
Installing and generating a certicate on the HTTP portals
Follow these steps to install a certicate on the IAP HTTP portals.
1. Create a c
ertica te signing request (CSR) for the HTTP portals:
a. Log in to the PCC Web interface and go General Conguration > SSL Conguration.
b. Complete the CSR generation form.
c. Log out of the PCC Web interface.
This generates two les on the PCC:
/opt/ke
ys/httpCert.pm (the certicate request)
/opt/keys/httpkey.pem (the RSA private key)
2. Manua lly copy the certi cate request le to your local machine:
scp roo
t@[external ip address of PCC]:/opt/keys/httpCert.pm
3. Send the certicate request to a certicate authority (CA) such as VeriSign for signing.
Follow the instructions provided by your CA.
4. Import
the certicate you receive from the CA into the IAP PCC:
a. Store the certicate from the CA on your local machine ( for example, as
httpCertSigned.pem).
b. Copy t
he certicate to the PCC:
scp httpCertSigned.pem root@[external ip address of PCC]:/opt/keys/
httpCertSigned.pem
Administrator Guide
39