Manualshelf

HP XP7 PA Software Installation Guide

ManualsBrandsHP ManualsSoftwareHP StorageWorks Performance Advisor XP Media Kit
81828384858687888990
5 Configuring SSL settings for HP XP7 Performance Advisor
You can configure SSL settings for HP XP7 Performance Advisor using the unsigned or the signed
approach.
Unsigned approach
You can generate unsigned SSL certificates on the server and add them to the JRE's trusted list of
certificates to enable SSL on a HP XP7 Performance Advisor. The advantage with this method is
that it does not need a Certificate Authority (CA) signed certificate. The client takes the public key
from the server and stores it in a keystore, and then places the keystore in the JRE’s trusted site list.
This enables the HP XP7 Performance Advisor to establish a SSL connection to secure the data
transfer.
Management Station
To configure SSL settings in your management station perform the following steps:
1. Navigate to the bin folder in the JRE location defined by your JAVA_HOME variable.
2. Generate keystore on the Tomcat server:
<%JAVA_HOME%>\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore
<%HPSS_HOME>\hpss\pa\tomcat\conf\keystore
The default location for JRE in management station is listed below:
%HPSS_HOME%\jre\bin
3. When prompted, provide the password as changeit.
4. When prompted for the first name and last name, enter the fully-qualified domain name of
your management station. For example, abc.domain.company.com.
5. For the rest of the fields, enter appropriate values in the order mentioned: Division, Company
(your company name), City, State, and Country.
NOTE: The Country field can accept only two characters.
6. Enable https for your HP XP7 Performance Advisor management station by editing the
server.xml file in the <PA_Install folder>\HPSS\pa\tomcat\conf folder:
<Connector port="443" protocol="HTTP/1.1org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="${catalina.home}/conf/keystore"
keystorePass="changeit" clientAuth="false"
sslProtocol="TLS" />
Comment out the following lines in the server.xml file, as shown below:
<!--
<Connector port="<install_port>" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
-->
The keystore location is provided by the Tomcat server.
7. Start the Tomcat server in the SSL mode:
https://[server name].[domain name]/pa or https://[IP address]/pa
Host Agent
To configure SSL settings in the host agent perform the following steps:
1. On the HP XP7 Performance Advisor host agent, download the InstallCert program from
the following location: https://jira.springsource.org/secure/attachment/13865/InstallCert.java
Unsigned approach 83