Manualshelf

HP XP P9000 Performance Advisor Software v5.5 Install Guide (T1789-96339, February 2013)

ManualsBrandsHP ManualsSoftwareHP StorageWorks Performance Advisor XP Media Kit
81828384858687888990
5 Configuring SSL settings for HP XP P9000 Performance
Advisor
You can configure SSL settings for HP XP P9000 Performance Advisor using the unsigned or the
signed approach.
Unsigned approach
You can generate unsigned SSL certificates on the server and add them to the JRE's trusted list of
certificates to enable SSL on a HP XP P9000 Performance Advisor. The advantage with this method
is that it does not need a Certificate Authority (CA) signed certificate. The client takes the public
key from the server and stores it in a keystore, and then places the keystore in the JRE’s trusted site
list. This enables the HP XP P9000 Performance Advisor to establish a SSL connection to secure
the data transfer.
Management Station
To configure SSL settings in your management station perform the following steps:
1. Navigate to the bin folder in the JRE location defined by your JAVA_HOME variable.
2. Generate keystore on the Tomcat server:
<%JAVA_HOME%>\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore
<%HPSS_HOME>\hpss\pa\tomcat\conf\keystore
The default location for JRE in management station is listed below:
%HPSS_HOME%\jre\bin
3. When prompted, provide the password as changeit.
4. When prompted for the first name and last name, enter the fully-qualified domain name of
your management station. For example, abc.domain.company.com.
5. For the rest of the fields, enter appropriate values in the order mentioned: Division, Company
(your company name), City, State, and Country.
NOTE: The Country field can accept only two characters.
6. Enable https for your HP XP P9000 Performance Advisor management station by editing
the server.xml file in the <PA_Install folder>\HPSS\pa\tomcat\conf folder:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="${catalina.home}/conf/keystore"
keystorePass="changeit" clientAuth="false"
sslProtocol="TLS" />
Comment out the following lines in the server.xml file, as shown below:
<!--
<Connector port="<install_port>" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
-->
The keystore location is provided by the Tomcat server.
7. Start the Tomcat server in the SSL mode:
https://[server name].[domain name]/pa or https://[IP address]/pa
Host Agent
To configure SSL settings in the host agent perform the following steps:
86 Configuring SSL settings for HP XP P9000 Performance Advisor