Import the directory server certificate into Resource Orchestrator.
Common Settings among Directory Servers
Use the following procedure to configure the common settings in the directory server.
Stop the manager.
For information on stopping managers, refer to "7.2 Starting and Stopping the Manager".
Copy the following files:
Files to copy
[Windows]
Installation_folder\Manager\runtime\jre6\lib\security\cacerts
[Linux]
/opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts
Copy destination
[Windows]
Installation_folder\Manager\runtime\jre6\lib\security\cacerts.org
[Linux]
/opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts.org
Configuration when Using Active Directory
When using Active Directory, it is necessary to import the server certificate.
Use the following procedure to import Active Directory server certificates. The server certificate format is the DER encoded binary X.509 (CER) format.
Execute the following commands, and import the Active Directory server certificate into Resource Orchestrator.
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -importcert -alias ror_ldap -trustcacerts -file Server_certificate_path -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importcert -alias ror_ldap -trustcacerts -file Server_certificate_path -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
For the -alias option, specify "ror_ldap". "changeit" is configured as the default password for keystores.
A confirmation message is displayed. To trust the server certificate, enter one of the following:
When adding to the keystore
Enter "yes".
When canceling the operation
Enter "no".
Do you trust this certificate? [no]:
Example
>"C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe" -importcert -alias ror_ldap -trustcacerts -file c:\myserver.serverview.local_svsca.crt -keystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts"
The following message is displayed when the certificate has been added to the keystore successfully.
The certificate is added to the keystore.
Execute the following commands, and check if the server certificate has been correctly imported.
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -list -alias ror_ldap -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias ror_ldap -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
For the -alias option, specify "ror_ldap".
A message is displayed when the server certificate has been confirmed successfully.
Example
>"C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe" -list -alias ror_ldap -keystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts"
When performing Single Sign-On operations with ServerView Operations Manager, import the ServerView Operations Manager server certificate into Resource Orchestrator.
Import the server certificate, referring to "OpenDS Provided with ServerView Operations Manager".
OpenDS Provided with ServerView Operations Manager
Use the following procedure to import the ServerView Operations Manager server certificate into Resource Orchestrator.
Execute the following commands, and import the ServerView Operations Manager server certificate into Resource Orchestrator.
"changeit" is configured as the default password for keystores.
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -importkeystore -srckeystore "ServerView SuiteInstallation_folder\jboss\server\serverview\conf\pki\keystore" -destkeystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/keystore -destkeystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
A message will be displayed when import is successfully completed.
Check the "Another name" (the alias) shown in the message.
Example
>"C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe" -importkeystore -srckeystore "C:\Program Files\Fujitsu\ServerView Suite\jboss\server\serverview\conf\pki\keystore" -destkeystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts"
Execute the following commands, and check if the server certificate has been correctly imported.
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -list -alias Another_name -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
For the -alias option, specify the "another name" checked in 2.
A message is displayed when the server certificate has been confirmed successfully.
Example
>"C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe" -list -alias svs_cms -keystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts"
When Using OpenDS Configured Individually
When using an individually configured OpenDS, it is necessary to import the server certificate. Use the following procedure to import the server certificate of the individually configured OpenDS. The server certificate format is the JKS (Java Keystore) format.
Execute the following commands, and import the individually configured OpenDS server certificate into Resource Orchestrator.
"changeit" is configured as the default password for keystores.
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -importkeystore -srckeystore "OpenDSInstallation_folder\config\keystore" -destkeystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -importkeystore -srckeystore "OpenDSInstallation_folder/config/keystore" -destkeystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
A message will be displayed when import is successfully completed.
Check the "Another name" (the alias) shown in the message.
Example
>"C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe" -importkeystore -srckeystore "C:\win32app\OpenDS-2.2.0\config\keystore" -destkeystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts"
Execute the following commands, and check if the server certificate has been correctly imported.
[Windows]
>"Installation_folder\Manager\runtime\jre6\bin\keytool.exe" -list -alias Another_name -keystore "Installation_folder\Manager\runtime\jre6\lib\security\cacerts" <RETURN>
[Linux]
# /opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias Another_name -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts <RETURN>
For the -alias option, specify the "another name" checked in 2.
A message is displayed when the server certificate has been confirmed successfully.
Example
>"C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\bin\keytool.exe" -list -alias server-cert -keystore "C:\Fujitsu\ROR\SVROR\Manager\runtime\jre6\lib\security\cacerts"
When performing Single Sign-On operations with ServerView Operations Manager, import the ServerView Operations Manager server certificate into Resource Orchestrator.
Import the server certificate, referring to "OpenDS Provided with ServerView Operations Manager".
Configuration when using OpenLDAP
When using OpenLDAP, it is necessary to import the CA certificates for OpenLDAP. Import the certificate using the same procedure as in "Configuration when Using Active Directory".
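The "check if the server certificate has been correctly imported" steps above only show that the alias exists. The following added example (not part of the manual) also compares the fingerprint reported for the alias with a reference fingerprint obtained out of band, and requires the entry to be a trusted certificate rather than a key entry, which matters after -importkeystore because it copies every entry of the source keystore. The function names, the sample output and the assumed layout of the keytool -list output are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the manual. SAMPLE_LIST is constructed; the output
# layout of `keytool -list -alias` is an assumption stated below.

# Reduce any fingerprint spelling ("MD5 Fingerprint=aa:bb", "AA BB") to bare upper-case hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read `keytool -list -alias NAME` output on stdin and print "TYPE ALG HEX".
# Assumed layout: "alias, date, trustedCertEntry," followed by
# "Certificate fingerprint (ALG): AA:BB:...".
parse_keytool_list() {
    awk '
        /Entry,?[ \t\r]*$/ {
            n = split($0, f, /,[ \t]*/)
            for (i = n; i > 0; i--) if (f[i] ~ /Entry/) { type = f[i]; break }
        }
        /fingerprint \(/ {
            alg = $0; sub(/^.*\(/, "", alg); sub(/\).*$/, "", alg)
            hex = $0; sub(/^.*\): */, "", hex); gsub(/[: \t\r]/, "", hex)
            print type, alg, toupper(hex)
        }'
}

# $1 = keytool -list output, $2 = reference fingerprint obtained out of band
# (same digest algorithm as keytool prints). Succeeds only for a trusted
# certificate entry with the expected fingerprint.
imported_cert_matches() {
    parsed=$(printf '%s\n' "$1" | parse_keytool_list)
    [ "${parsed%% *}" = "trustedCertEntry" ] &&
        [ "${parsed##* }" = "$(normalize_fp "$2")" ]
}

# Run the manual's Linux check command for alias $1 and compare with $2.
check_alias() {
    out=$(/opt/FJSVrcvmr/runtime/jre6/bin/keytool -list -alias "$1" \
        -keystore /opt/FJSVrcvmr/runtime/jre6/lib/security/cacerts) || return 2
    imported_cert_matches "$out" "$2"
}

# Constructed sample of the check command's output.
SAMPLE_LIST='ror_ldap, Jan 10, 2012, trustedCertEntry,
Certificate fingerprint (MD5): 3A:5F:09:C1:D2:7E:4B:68:80:A1:F3:E4:55:7C:9D:02'
```

The reference fingerprint can be passed in the form OpenSSL prints (`MD5 Fingerprint=...`) or as bare colon-separated hex; a mismatch or a non-certificate entry is a reason to restore cacerts from the cacerts.org copy made earlier.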