ServerView Resource Orchestrator Cloud Edition V3.1.2 NS Option Instruction
FUJITSU Software

C.3.1 Registering Server Certificates and CA Certificates

This section explains how to register the certificates necessary when using an SSL accelerator of the server load balancer function.

The tenant user prepares a certificate based on the business system to configure, and the infrastructure administrator registers this certificate in the NS Appliance.

Figure C.1 Flow of Registration of Server Certificates and CA Certificates


This section explains how to register a certificate in the PKCS#12 format in an NS appliance.

Registering CA Certificates

  1. Check if a CA certificate is already registered in the NS appliance.

    Log in to the NS appliance, and execute the following command:

    show cert ca-certificate all

    When no CA certificate is registered, register the CA certificate by following the procedure from step 2 onward.

    If one is already registered, registration is not required.

  2. Store the CA certificate in the NS appliance.

    Transfer the certificate file from an FTP server to the NS appliance.
    Place the certificate on the FTP server in advance.
    Execute the following command:

    copy src_uri [ username name [ password password ] ] [ dst_filename ]

    src_uri

    Specify the certificate on the FTP server as the copy source, in order to copy it to the NS appliance.

    ftp://IPv4 address of the FTP server/directory/filename

    name

    Specify the login ID for the FTP server using a character string containing between 1 and 64 characters.

    password

    Specify the password for the login ID for the FTP server using a character string containing between 1 and 64 characters.

    dst_filename

    Specify the file name as "ca-cert.incom.pem".

  3. Register the CA certificate in the NS appliance.
    Execute the following command:

    cert entry peer-ca-certificate ca-certificate-group-entry-num

    ca-certificate-group-entry-num

    Specify the CA certificate number. This number is the number of the peer and the certificate of its own device.
    A value between 1 and 2048 can be specified.
    The number 0 is reserved: it is allocated to the certificate created by Resource Orchestrator, so certificates from other certificate authorities cannot be registered under it. Also, the numbers between 1 and 18 are registered for the CA certificates of Symantec Website Security (formerly VeriSign) installed by default, so use another number.

Registering Server Certificates

  1. Store the server certificate in the NS appliance.

    Transfer the certificate file from an FTP server to the NS appliance.
    Place the certificate on the FTP server in advance.
    Execute the following command:

    copy src_uri [ username name [ password password ] ] [ dst_filename ]

    src_uri

    Specify the certificate on the FTP server as the copy source, in order to copy it to the NS appliance.

    ftp://IPv4 address of the FTP server/directory/filename

    name

    Specify the login ID for the FTP server using a character string containing between 1 and 64 characters.

    password

    Specify the password for the login ID for the FTP server using a character string containing between 1 and 64 characters.

    dst_filename

    Specify the file name as "certXXX.imp.pkcs12".

    XXX

    Entry number

  2. Register the server certificate in the NS appliance.
    Execute the following command:

    cert pkcs12-import certificate-entry-num password password

    certificate-entry-num

    Specify the registration number of the end-entity certificate and its secret key.
    A value between 1 and 256 can be specified.

    password

    Specify the password required to use the PKCS#12 file, as a character string of up to 20 characters consisting of alphanumeric characters and the symbols "!"#$%&()=~|-^\@[;:]/.,{`}*+_?><".
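
A pre-flight check for the values used in the two procedures above, as an added example that is not part of the original manual. The function names are hypothetical, and it assumes that the PKCS#12 password is non-empty and that XXX is the entry number written with or without leading zeros, neither of which the page specifies.

```python
import re
import string

# Symbols the page allows in the PKCS#12 password, copied from its list.
P12_SYMBOLS = "!\"#$%&()=~|-^\\@[;:]/.,{`}*+_?><"
P12_ALLOWED = set(string.ascii_letters + string.digits + P12_SYMBOLS)
# Assumption: XXX is the decimal entry number; zero padding is not specified.
SERVER_FILE = re.compile(r"cert([0-9]+)\.imp\.pkcs12")
CA_FILE = "ca-cert.incom.pem"


def check_ca_registration(entry_num, dst_filename):
    """Return a list of problems with a planned CA certificate registration."""
    problems = []
    if dst_filename != CA_FILE:
        problems.append(f"dst_filename must be {CA_FILE!r}")
    if entry_num == 0:
        problems.append("entry 0 is allocated to the Resource Orchestrator certificate")
    elif 1 <= entry_num <= 18:
        problems.append("entries 1-18 hold the default Symantec/VeriSign CA certificates")
    elif not 19 <= entry_num <= 2048:
        problems.append("CA entry number must be between 1 and 2048")
    return problems


def check_server_import(entry_num, dst_filename, p12_password):
    """Return a list of problems with a planned PKCS#12 server certificate import."""
    problems = []
    if not 1 <= entry_num <= 256:
        problems.append("server entry number must be between 1 and 256")
    m = SERVER_FILE.fullmatch(dst_filename)
    if m is None:
        problems.append("dst_filename must look like certXXX.imp.pkcs12")
    elif int(m.group(1)) != entry_num:
        problems.append("XXX in dst_filename does not match the entry number")
    # Assumption: non-empty password; the page states only the 20-character limit.
    if not 1 <= len(p12_password) <= 20:
        problems.append("PKCS#12 password must be 1 to 20 characters")
    bad = sorted(set(p12_password) - P12_ALLOWED)
    if bad:
        problems.append("PKCS#12 password has disallowed characters: " + " ".join(map(repr, bad)))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real appliance.
    print(check_ca_registration(12, "ca-cert.incom.pem"))
    print(check_server_import(5, "cert005.imp.pkcs12", "Ex@mple'Pass"))
```

An empty list means the planned values satisfy the limits stated in this section; it does not check the contents of the certificate file itself.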