Nonstop Volume Level Encryption Guide
Y1 Location................ Group 100 , Module 3 , Slot 3 , Port 1
SvNet ID 1................. 0x000E08C6
X2 Location................ Group 100 , Module 2 , Slot 3 , Port 2
Y2 Location................ Group 100 , Module 3 , Slot 3 , Port 2
SvNet ID 2................. 0x000E09C6
Maintenance Interface IP... 192.168.38.31
Total Errors = 0 Total Warnings = 0
p. Use SFTP to transfer the SIGNCERT file to the Maintenance Interface IP Address of the CLIM.
Once connected to the CLIM, put the SIGNCERT file into the CLIM’s /tmp/zencrypt directory:
$SYSTEM ZENCRYPT 15> sftp -S $zssp0 root@192.168.38.31
comForte SFTP client version T9999H06_10Jul2009_comForte_SFTP_0086
Connecting to 192.168.38.31 via SSH2 process $zssp0 ...
sftp> put signcert /tmp/zencrypt/client.signed
Uploading signcert to /tmp/zencrypt/client.signed
---------------------------------- -------- --- ------- ----------
Filename BytesNow % Bytes/s Remaining
---------------------------------- -------- --- ------- ----------
signcert 0 0% 0.0KB --:--
---------------------------------- -------- --- ------- ----------
Filename BytesNow % Bytes/s TimeSpent
---------------------------------- -------- --- ------- ----------
signcert 1514 100% 0.0KB 00:00
1514 bytes transferred in 0 seconds ( 0.0KB/s)
sftp>
sftp> quit
q. Use the CLIMCMD OpenSSL command to convert the PEM formatted NSSuser client signed
certificate that you SFTPed to the CLIM in Step 16 to a DER formatted client signed certificate:
$SYSTEM ZENCRYPT 16> climcmd c100231 openssl x509 -inform PEM
-in /tmp/zencrypt/client.signed -outform DER -out /tmp/zencrypt/client.signed.der
comForte SSH client version T9999H06_05Aug2009_comForte_SSH_0086b
Termination Info: 0
$SYSTEM ZENCRYPT 17>
r. Use SFTP to transfer the DER formatted NSSuser client signed certificate and the DER formatted
NSSuser client private key back to the NonStop system. Use binary transfer mode:
$SYSTEM ZENCRYPT 17> sftp -S $zssp0 root@192.168.38.31
comForte SFTP client version T9999H06_10Jul2009_comForte_SFTP_0086
Connecting to 192.168.38.31 via SSH2 process $zssp0 ...
sftp> binary
File transfermode is now binary
sftp> get /tmp/zencrypt/client.signed.der nssucert,0
Fetching /tmp/zencrypt/client.signed.der to nssucert,0
---------------------------------- -------- --- ------- ----------
Filename BytesNow % Bytes/s Remaining
---------------------------------- -------- --- ------- ----------
/tmp/zencrypt/client.signed.der 0 0% 0.0KB --:--
---------------------------------- -------- --- ------- ----------
Filename BytesNow % Bytes/s TimeSpent
---------------------------------- -------- --- ------- ----------
/tmp/zencrypt/client.signed.der 928 100% 0.0KB 00:00
928 bytes transferred in 0 seconds ( 0.0KB/s)
sftp>
sftp> get /tmp/zencrypt/client.key.der nssukey,0
Fetching /tmp/zencrypt/client.key.der to nssukey,0
---------------------------------- -------- --- ------- ----------
Filename BytesNow % Bytes/s Remaining
---------------------------------- -------- --- ------- ----------
/tmp/zencrypt/client.key.der 0 0% 0.0KB --:--
---------------------------------- -------- --- ------- ----------
Filename BytesNow % Bytes/s TimeSpent
---------------------------------- -------- --- ------- ----------
/tmp/zencrypt/client.key.der 1261 100% 0.0KB 00:00
1261 bytes transferred in 0 seconds ( 0.0KB/s)
Installation steps 39