HP VAN SDN Controller Administrator Guide

Controller Code Verification
All controller code is signed by HP. Validating the certificate via jarsigner should return an HP
X.509 certificate similar to the following:
X.509, CN=Hewlett-Packard, OU=HPGlobal, OU=Digital ID Class 3 - Java Object Signing, O=Hewlett-Packard, L=Andover, ST=Massachusetts, C=US
[certificate is valid from 11/14/12 4:00 PM to 11/15/14 3:59 PM]
X.509, CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
[certificate is valid from 2/7/10 4:00 PM to 2/7/20 3:59 PM]
[CertPath not validated: null]
If a controller jar or war file is tampered with, the jar verification will fail, and the container will
not start up.
If an application is neither signed by HP nor signed with a certificate trusted by the controller (see
the section below), the application will not be allowed to run on the controller.
Adding Certificates to Jar-Signing Truststore
To deploy other signed applications onto the controller, use the Java keytool to import the public
certificate that was used to sign the application jars into the controller jar-signing truststore
(/opt/sdn/admin/sdnjar_trust.jks):
keytool -importcert -keystore /opt/sdn/admin/sdnjar_trust.jks -file signed_app.cer -alias mysignedcert
The controller needs to be restarted for the new truststore to take effect.
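The following is an added example, not part of the HP guide: shell helpers for inspecting a signing certificate before it is trusted, importing it, and checking that a jar verifies with the expected signer. The truststore path, signed_app.cer and the alias come from the guide; the function names, the jar name and the sample jarsigner output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. TRUSTSTORE, signed_app.cer and mysignedcert are from the guide;
# function names and the sample output below are constructed for illustration.
TRUSTSTORE=/opt/sdn/admin/sdnjar_trust.jks

# Show subject, issuer, validity and fingerprints so they can be compared with
# values obtained from the application vendor before the certificate is trusted.
inspect_cert() { keytool -printcert -file "$1"; }

# Import the certificate, then list the new entry to confirm what was stored.
# usage: import_cert signed_app.cer mysignedcert
import_cert() {
    keytool -importcert -keystore "$TRUSTSTORE" -file "$1" -alias "$2" &&
    keytool -list -v -keystore "$TRUSTSTORE" -alias "$2"
}

# Verify a jar against the truststore and print the signer certificates.
verify_jar() { jarsigner -verify -verbose -certs -keystore "$TRUSTSTORE" "$1"; }

# Read jarsigner output on stdin. Succeed only if the jar verified AND one of
# the listed certificates has a subject that begins with CN=<expected>.
# Note: this matches any certificate in the printed chain, not only the signer.
# usage: verify_jar app.jar | signer_is "Example Vendor"
signer_is() {
    awk -v cn="$1" '
        /^jar verified\./ { verified = 1 }
        /^[ \t]*X\.509, / {
            sub(/^[ \t]*X\.509, /, "")
            if (index($0, "CN=" cn ",") == 1) found = 1
        }
        END { exit !(verified && found) }
    '
}

# Constructed sample of jarsigner -verify -verbose -certs output.
sample_output() {
    cat <<'EOF'
sm       512 Mon Jan 06 10:00:00 EST 2014 com/example/App.class

      X.509, CN=Example Vendor, O=Example Vendor, C=US
      [certificate is valid from 1/1/14 12:00 AM to 1/1/16 11:59 PM]

jar verified.
EOF
}
```

Run inspect_cert and compare the fingerprints out of band before running import_cert, since every jar signed with an imported certificate becomes eligible to run on the controller.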