NonStop Volume Level Encryption Guide

j. Click Download at the bottom of the NSSuser signed client certificate. When the system asks
if you want to open or save the signed.cer file, select Save.
k. Save the NSSuser signed client certificate in the C:\zencrypt directory on your PC and name
the saved file client.signed. When the download completes, click the Close button.
NOTE: Windows appends “.cer” to the end of the specified filename so the actual signed
certificate is saved on the PC as “client.signed.cer”.
l. Use the openssl command to convert the PEM-formatted NSSuser signed client certificate
that you saved to the PC in Step k to a DER-formatted signed client certificate:
C:\zencrypt> openssl x509 -inform PEM -in client.signed.cer -outform DER -out client.signed.der
C:\zencrypt>
m. In your temporary directory, create a file called nssupass.txt. Type the NSSuser passphrase
that you entered in Step 2 into this file, then save and close the file. (Do not enter the password
for the NSSuser local user; it is used only in the “Register CLIMs with Key Managers” guided
procedure in “8. Register the CLIMs” (page 42).)
n. Verify that the directory has these files:
C:\zencrypt> dir
Volume in drive C is PC COE
Volume Serial Number is D0BC-6439
Directory of C:\zencrypt
09/17/2009 06:16 PM <DIR> .
09/17/2009 06:16 PM <DIR> ..
09/17/2009 06:00 PM 1,033 client.csr
09/17/2009 06:00 PM 1,751 client.key
09/17/2009 06:00 PM 1,261 client.key.der
09/17/2009 06:00 PM 5,684 client.key.pem
09/17/2009 06:08 PM 1,313 client.signed.cer
09/17/2009 06:11 PM 928 client.signed.der
09/17/2009 06:16 PM 11 nssupass.txt
7 File(s) 11,981 bytes
2 Dir(s) 426,107,215,872 bytes free
C:\zencrypt>
o. FTP the NSSuser passphrase file (NSSUPASS), the DER formatted NSSuser private key file
(NSSUKEY), and the DER formatted NSSuser signed client certificate (NSSUCERT) to the
$SYSTEM.ZENCRYPT subvolume on the NonStop system:
C:\zencrypt>ftp osm8.caclab.cac.cpqcorp.net
Connected to osm8.caclab.cac.cpqcorp.net.
220 OSM8.caclab.cac.cpqcorp.net FTP SERVER T9552J01 (Version J01 TANDEM 10JUL200
9) ready.
User (osm8.caclab.cac.cpqcorp.net:(none)): super.super
331 Password required for SUPER.SUPER.
Password:
230 User SUPER.SUPER logged in. GUARDIAN API enabled
ftp>
ftp> cd $system.zencrypt
250 CWD command successful.
ftp>
ftp> put nssupass.txt nssupass
200 PORT command successful.
150 Opening data connection for nssupass (16.92.141.110,62449d).
226 Transfer complete.
ftp: 11 bytes sent in 0.03Seconds 0.42Kbytes/sec.
ftp>
ftp> binary
200 Type set to I.
ftp>
ftp> put client.key.der nssukey,0
200 PORT command successful.
32 Installation
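An added example (not part of the original guide): a Python check to run on the PC before the upload in step o. It confirms that the DER file from step l is the decoded body of the PEM file, that a DER file is exactly one complete object, and produces a SHA-256 fingerprint to compare with a copy fetched back after the transfer. The function names are this example's own, and the sample data is constructed filler, not a real certificate.

```python
import base64, hashlib, re

def pem_to_der(pem_text):
    """Decode the first PEM block to the raw DER bytes it wraps."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(2).split()), validate=True)

def der_declared_size(data):
    """Size in bytes that the outer DER SEQUENCE header says the object occupies."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE tag (0x30)")
    if data[1] < 0x80:                      # short form: length fits in one byte
        return 2 + data[1]
    n = data[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(data) < 2 + n:
        raise ValueError("malformed DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def der_intact(data):
    """True when the bytes are exactly one DER object: not truncated, nothing extra."""
    try:
        return der_declared_size(data) == len(data)
    except ValueError:
        return False

def fingerprint(data):
    """SHA-256 hex digest, for comparing the PC copy with a copy fetched back."""
    return hashlib.sha256(data).hexdigest()

def make_sample():
    """Constructed stand-in for a certificate: a DER SEQUENCE with filler content."""
    body = bytes(range(256)) * 3            # filler that includes 0x0A and 0x0D bytes
    der = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"
    return pem, der

if __name__ == "__main__":
    pem, der = make_sample()
    print("PEM body decodes to the DER bytes:", pem_to_der(pem) == der)
    print("DER intact:", der_intact(der))
    damaged = der.replace(b"\n", b"\r\n")   # simulated text-mode line-ending translation
    print("damaged copy intact:", der_intact(damaged))
    print("fingerprints differ:", fingerprint(damaged) != fingerprint(der))
```

On the real files, read client.signed.cer as text and client.signed.der and client.key.der as bytes. The simulated damage shows why the session issues `binary` before sending the DER files: line-ending translation changes the byte count, so the declared size no longer matches.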