HP Reference Information Storage System Version 1.6 Administration Guide revision 2 (T3559-90809, September 2007)
NOTE:
After deleting pccCert.pem or httpCert.pem in /opt/keys ,besuretologofforclosethePCC
UI. If you don’t and refresh, the PCC UI will re-create these files. (The SSL Configuration page will
also not allow new CSRs be created.)
Installing and generating a certificate on the PCC portal
Follow these steps to generate and install a c er tificate for the RISS PCC portal.
1. Create a certificate signing request (CSR) for the PCC:
a. Log in to the PCC Web interface and go Configuration > SSL Configuration.
b. Complete the CSR generation form.
c. Log out of the PCC Web interface.
This generates two files on the PCC:
• /opt/keys/pccCert.pem (the certificate request)
• /opt/keys/pcckey.pem (the RSA private key)
2. Manually copy the certificate request file to your local machine:
scp root@[external ip address of PCC]:/opt/keys/pccCert.pem
3. Send the certificate request to a certi ficate authority (CA) such as VeriSign for signing.
Follow the instructions provided by your CA.
4. Impor t the certificate you receive from the CA into the RISS PCC:
a. Store the certifica te from the CA on your local machine (for example, as pccCertSigned.pem).
b. Copy the certificate to the PCC:
scp pccCertSigned.pem root@[external ip address of PCC]:/opt/keys/
pccCertSigned.pem
5. Impor t the c ertificate into the PCC’s Apache server:
usr/local/bin/ssl_cert_update.pl -pcc -cert /opt/keys/pccCertSigned.pem
-key /opt/keys/pcckey.pem
6. Restart the PCC’s Apache server by issuing the following command:
/etc/init.d/httpd restart
Installing and generating a certificate on the HTTP portals
Follow these steps to install a certificate on the RISS HTTP portals.
1. Create a certificate signing request (CSR) for the HTTP po rtals:
a. Log in to the PCC Web interface and go Configuration > SSL Configuration.
b. Complete the CSR generation form.
c. Log out of the PCC Web interface.
This generates two files on the PCC:
• /opt/keys/httpCert.pm (the certificate request)
• /opt/keys/httpkey.pem (the RSA private key)
2. Manually copy the certificate request file to your local machine:
scp root@[external ip address of PCC]:/opt/keys/httpCert.pm
40
Configuration