Nonstop Volume Level Encryption Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

Create signed NSSuser client certificate with CLIMCMD

a. Log on to a TACL prompt as SUPER.SUPER on the system where you are creating the NSSuser

files. Use the VOLUME command to create the $SYSTEM.ZENCRYPTsubvolume:

$SYSTEM STARTUP 2> VOLUME $SYSTEM.ZENCRYPT

$SYSTEM ZENCRYPT 3>

$SYSTEM ZENCRYPT 3> fileinfo *

No files match \OSM8.$SYSTEM.ZENCRYPT.*

$SYSTEM ZENCRYPT 4>

b. Use the CLIMCMD mkdir command to create a temporary directory on the CLIM. You can use

any CLIM on the system. This example uses a Storage CLIM named C100231 and a temporary

directory “zencrypt”:

$SYSTEM ZENCRYPT 4> climcmd c100231 mkdir /tmp/zencrypt/

comForte SSH client version T9999H06_05Aug2009_comForte_SSH_0086b

Termination Info: 0

$SYSTEM ZENCRYPT 5>

c. Use the CLIMCMD OpenSSL command to create a NSSuser private key and a NSSuser client

certificate request. You will be prompted to enter a passphrase. Choose a strong passphrase

to protect the private key. You can fill in the other information any way you see fit. However,

the Common Name must be NSSuser. Enter this command, all on one line:

$SYSTEM ZENCRYPT 5> climcmd c100231 openssl req -newkey rsa:2048 -keyout

/tmp/zencrypt/client.key -out /tmp/zencrypt/client.csr

The system responds, prompting you to enter various fields. Responses are shown in bold:

comForte SSH client version T9999H06_05Aug2009_comForte_SSH_0086b

Generating a 2048 bit RSA private key

........................................+++

................................................................................

........................+++

writing new private key to '/tmp/zencrypt/client.key'

Enter PEM pass phrase:passphrase

Verifying - Enter PEM pass phrase:passphrase

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]:CA

Locality Name (eg, city) []:Cupertino

Organization Name (eg, company) [Internet Widgits Pty Ltd]:HP

Organizational Unit Name (eg, section) []:NonStop

Common Name (eg, YOUR name) []:NSSuser

Email Address []:MyEmail.Id@hp.com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:.

An optional company name []:.

Termination Info: 0

$SYSTEM ZENCRYPT 6>

d. Use the CLIMCMD OpenSSL command to convert the NSSuser private key into a PEM formatted

private key. You will be prompted to enter the passphrase that you used to create the private

key. Enter this command, all on one line:

$SYSTEM ZENCRYPT 6> climcmd c100231 openssl rsa -in

/tmp/zencrypt/client.key -text -out /tmp/zencrypt/client.key.pem

comForte SSH client version T9999H06_05Aug2009_comForte_SSH_0086b

34 Installation