HP VAN SDN Controller Administrator Guide
44
Send the sdn-server.csr to a CA to be signed. The CA will authenticate you and return a signed
certificate and its CA certificate chain. We assume the signed certificate from the CA is named
signed.cer and the CA's certificate is root.cer. If root.cer is from your own internal CA, then you
need to import root.cer into your browser as an authority.
6. First, import the signed root certificate into your keystores:
keytool -importcert -trustcacerts -keystore keystore -file root.cer -alias
CARoot
keytool -importcert -trustcacerts -keystore truststore -file root.cer
-alias CARoot
7. Next, replace your self-signed certificate in your serverKey entry with the signed certificate from
your CA (signed.cer).
keytool -importcert -keystore keystore -file signed.cer -alias serverKey
8. If you are operating a team of controllers in your environment, turn off self-signing for inter-
controller communication:
Under /opt/sdn/virgo/repository/usr, change the “selfsigned” value to false for the following
component:
com.hp.sdn.misc.ServiceRestComponent.properties
9. If you set up a different password than the default "skyline" password for your keystore, you will
need to edit /opt/sdn/virgo/configuration/tomcat-server.xml and change the keystorePass value in
the <Connector port="8443"…> tag to the new keystore password.
10. Start the controller. Continue to the next section if you are using a different keystore and truststore
password than the default "skyline" password.
SDN Controller Keystore and Truststore Locations
and Passwords
The SDN Controller keystore and truststore are referenced by several components, and thus need
to be updated for these components:
com.hp.sdn.api.impl.AlertPostManager
com.hp.sdn.misc.AdminRestComponent
com.hp.sdn.misc.ServiceRestComponent
The parameters for these components can be accessed by logging into your UI at
https://<controller_ips>:8443/sdn/ui. In the left pane:
1. Select Configurations.
2. Select one of the three components listed above.
3. Select Modify.