Manualshelf

HP 3PAR Policy Server Installation and Setup Guide (QR483-96004, December 2012)

ManualsBrandsHP ManualsStorageHP 3PAR StoreServ 7400 16Gb Virtualization Base System SAN Kit
26272829303132333435
7. Install the new certificate and CA certificate in the Policy Server keystore file:
a. Transfer both the new certificate (tomcat.crt) and the OpenSSL CA certificate (cacert.crt)
to the Policy Server server.
b. Install both certificates in the Policy Server keystore file.
SSL Certificate:
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -import
-trustcacerts
-alias tomcat -file c:\hp-3par\tomcat.crt -keystore c:\hp-3par\heystore-ps
Enter keystore password:
Certificate reply was installed in keystore
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>
CA certificate:
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -import
-trustcacerts
-alias root -file c:\hp-3par\cacert.crt -keystore c:\hp-3par\keystore-ps
Enter keystore password:
Owner: EMAILADDRESS=admin@hp.com, CN=Cert Admin, OU=3PAR, O=HP,
ST=CA, C=US
Issuer: EMAILADDRESS=admin@hp.com, CN=Cert Admin, OU=3PAR, O=HP,
ST=CA, C=US
Serial number: ba5d98b125297b80
Valid from: Wed Oct 31 08:16:30 PDT 2012 until: Sat Oct 31 08:16:30 PDT
2015
Certificate fingerprints:
MD5: 77:A6:21:D1:36:FE:BF:95:58:D1:67:33:5E:12:14:07
SHA1: 53:55:B0:D8:D3:A4:6B:35:B3:79:DF:DF:47:44:09:76:86:BF:65:F1
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E3 8F F8 1E 12 F6 FD 76 6D ED 60 82 DF DC 3D F1 .......vm.`...=.
0010: 67 44 14 D6 gD..
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E3 8F F8 1E 12 F6 FD 76 6D ED 60 82 DF DC 3D F1 .......vm.`...=.
0010: 67 44 14 D6 gD..
[EMAILADDRESS=admin@hp.com, CN=Cert Admin, OU=3PAR, O=HP, ST=CA,
C=US]
SerialNumber: [ ba5d98b1 25297b80]
Trust this certificate? [no]: yes
Certificate was added to keystore
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>
Now the Policy Server is enabled to support SSL connections over port 8443. The Policy Server is
still configured for non-SSL connections over port 443. HP recommends that users disable the Policy
Server from allowing connections over port 443.
To disable non-SSL connections to the Policy Server, edit the following Policy Server configuration
file:
C:\Program Files (x86)\HP3Par\PolicyServer\Tomcat6\aps\conf\server.xml
32 Configuring the Policy Sever for SSL by Using an Existing Certificate Infrastructure