Top
ServerView Resource Orchestrator Cloud Edition V3.2.0 Setup Guide
FUJITSU Software
Chapter 3 SSL Communication Environment Settings for the ROR Console > 3.2 Importing a Certificate to ServerView SSO Authentication Server
PreviousNext

3.2 Importing a Certificate to ServerView SSO Authentication Server

When using ServerViewSSO for authentication, perform the operation described in this section.
This section explains how to import a certificate to the ServerView SSO authentication server.

  1. Export the registered certificate information.

    Use the following command to export the registered certificate information:

    cmmkpfx Export_file_name -ed Certificate_environment -tl SSLTOKEN -nn Certificate_nickname

    The parameters to specify in the command are shown below.

    Setting item

    Setting value

    Export file name

    Specify the temporary file name used for import in Step 2.

    Certificate Environment

    Specify the following directory.

    [Windows Manager]

    Installation_folder\IAPS\smee

    [Linux Manager]

    /etc/opt/FJSVctmg-isas/smee

    Certificate nickname

    Specify "SSLCERT" or "testCert".

  2. Import the certificate information to the authentication server.

    Use the commands shown below to import the certificate information to the authentication server.

    [Windows Manager]

    • ServerView Operations Manager V6.1 or later

      JDK6_installation_folder\bin\keytool.exe -importkeystore -srckeystore Export_file_name -destkeystore "ServerView Suite_Installation_folder\jboss\standalone\svconf\pki\cacerts" -srcstoretype PKCS12

    • Earlier than ServerView Operations Manager V6.1

      JDK6_installation_folder\bin\keytool.exe -importkeystore -srckeystore Export_file_name -destkeystore "ServerView Suite_installation_folder\jboss\server\serverview\conf\pki\cacerts" -srcstoretype PKCS12

    [Linux Manager]

    • ServerView Operations Manager V6.1 or later

      JDK6 Installation_directory/bin/keytool -importkeystore -srckeystore Export_file_name -destkeystore /opt/fujitsu/ServerViewSuite/jboss/Standalone/svconf/pki/cacerts -srcstoretype PKCS12

    • Earlier than ServerView Operations Manager V6.1

      JDK6 Installation_folder/bin/keytool -importkeystore -srckeystore Export_file_name -destkeystore /opt/fujitsu/ServerViewSuite/jboss/server/serverview/conf/pki/cacerts -srcstoretype PKCS12

  3. Delete the export file.

    Delete the export file specified in Step 2.

Example

[Windows Manager]

Use screen input for the following commands:

- Certificate nickname: SSLCERT
- Export file name: c:\work\isas.p12
C:\>set ISCERT_PATH="C:\Program Files (x86)\Resource Orchestrator\IAPS\smee"
C:\>set IS_SMEEBIN="%ProgramFiles(x86)%\Common Files\Fujitsu Shared\F3FSSMEE"
C:\>%IS_SMEEBIN%\cmmkpfx c:\work\isas.p12 -ed %ISCERT_PATH% -tl SSLTOKEN -nn SSLCERT
User-PIN: the password created according to "3.1.1 Creating the Interstage Certificate Environment and the Application to Obtain the Certificate that is used for SSL Communication". The default value is "changeit"
Password: Password of the certificate being exported <- Used by the command parameters shown below.
Retype: Password of the certificate being exported

C:\>cd C:\Program Files (x86)\Java\jre6\bin
C:\Program Files (x86)\Java\jre6\bin>keytool.exe -importkeystore -srckeystore c:\work\isas.p12 -destkeystore "C:\Program Files (x86)\Fujitsu\ServerView Suite\jboss\standalone\svconf\pki\cacerts" -srcstoretype PKCS12

Enter destination keystore password: Password for the environment for creating SVOM web server certificates <- The default is "changeit"
Enter source keystore password:Password at time of export <- Specify the password that was specified for the above command.

del c:\work\isas.p12

[Linux Manager]

Use screen input for the following commands:

- Certificate nickname: SSLCERT
- Export file name: /tmp/isas.p12
# /opt/FJSVsmee/bin/cmmkpfx /tmp/isas.p12 -ed /etc/opt/FJSVctmg-isas/smee -tl SSLTOKEN -nn SSLCERT
User-PIN: the password created according to "3.1.1 Creating the Interstage Certificate Environment and the Application to Obtain the Certificate that is used for SSL Communication". The default value is "changeit"
Password: Password of the certificate being exported <- Used by the command parameters shown below.
Retype: Password of the certificate being exported
# cd /usr/java/jre1.6.0_02/bin
# ./keytool -importkeystore -srckeystore /tmp/isas.p12 -destkeystore /opt/fujitsu/ServerViewSuite/jboss/standalone/svconf/pki/cacerts -srcstoretype PKCS12

Enter destination keystore password: jboss certificate creation environment password <- The default is "changeit"
Enter source keystore password:Password at time of export <- Specify the password that was specified for the above command.

# rm /tmp/isas.p12

PreviousNext
Copyright 2010-2016 FUJITSU LIMITED