HP VAN SDN Controller Administrator Guide

Running the Controller Without Jar-Signing Validation

The SDN controller enforces jar-signing validation by default. For an experimental/development

environment where unsigned applications need to be deployed, jar-signing validation can be

turned off altogether:

1. Stop the SDN controller:

sudo service sdnc stop

2. Modify the /opt/sdn/virgo/bin/dmk.sh script to include the line shown below in

boldface type:

cd $KERNEL_HOME; exec $JAVA_EXECUTABLE \

$JAVA_OPTS \

$DEBUG_OPTS \

$JMX_OPTS \

-XX:+HeapDumpOnOutOfMemoryError \

-XX:ErrorFile=$KERNEL_HOME/serviceability/error.log \

-XX:HeapDumpPath=$KERNEL_HOME/serviceability/heap_dump.hprof \

-Dsdn.signedJar=none \

-Djava.security.auth.login.config=$AUTH_LOGIN \

-Dorg.eclipse.virgo.kernel.authentication.file=$AUTH_FILE \

3. Start the SDN controller:

sudo service sdnc start

To enable jar-signing validation again, simply remove the above highlighted text line from the

/opt/sdn/virgo/bin/dmk.sh script and restart the controller.

Revoking Trust

Revoking trust via truststore

The controller components rely on the public certificates in the respective truststore to establish

trust with a given identity. Therefore, revoking trust from a client with a given public certificate

amounts to removing its certificate from the respective truststore. To remove a given certificate

from the truststore:

• List the certificates in your truststore:

keytool –list –v keystore <truststore>

• Delete certificate from truststore:

keytool –delete –alias <cert alias> -keystore <truststore>