Chapter 3 System Preparation
HPSS Installation Guide September 2002 183
Release 4.5, Revision 2
You will be prompted for the password, WHICH WILL BE ECHOED AS YOU TYPE IT, so
make sure you are working from a location where the password cannot be compromised.
Type in the default password ("changeit"). The utility should list the certificates in the file.
4. Change the password with the -storepasswd option of the keytool command. In this
example, the new password is "XXXXXX". Again, we are changing the password for the
cacerts file; do this for each trusted store file, substituting the correct file name for the "-
keystore" option:
$JAVA_HOME/bin/keytool -keystore cacerts -storepasswd \
-new XXXXXX
5. Verify that the password was changed properly by listing the file again:
$JAVA_HOME/bin/keytool -keystore cacerts -list
Again, your password will be echoed as you type it, so be sure no one can read your screen.
This change should be performed on the Data Server host machine and on any host from which
hpssadm will be executed.
The installation instructions for Java 1.3.0 also include directions for changing this password.
See the keytool man page with your Java installation for more information on using the keytool
utility.
3.8.3 Configuring SSL
SSL (Secure Sockets Layer) must be configured for the Data Server even if the hpssadm utility is
not executed, because the Data Server reads its private key as part of its initialization, even if he
subsequently never needs it for any hpssadm client. The steps below which are necessary for the
Data Server are distinguished from those necessary only for hpssadm.
SSL is used to encrypt the transmission of the user's DCE user name and password from the
hpssadm utility to the Data Server. In fact, the entire session by which the hpssadm utility submits
commands to the Data Server is encrypted with SSL.
Be aware, however, that there is a second session between the Data Server and the hpssadm utility.
This second, independent session is the one by which the Data Server sends the hpssadm client
asynchronous notifications of changes in HPSS statuses, such as a notice that a server has gone
down or a device opstate has changed. No password information is transmitted across this session,
and it is not encrypted.
This section explains how to configure the Java SSL extension and the Data Server for use with SSL.
3.8.3.1 Installing the Security Provider
In order for Java to access the SSL extension, the SSL provider must be installed. To do this, add the
provider to the Java security file
$JAVA_HOME/lib/security/java.security