IBM Hub/Switch Switch User Manual


 
Chapter 3 System Preparation
184 September 2002 HPSS Installation Guide
Release 4.5, Revision 2
There should already be at least one security provider listed in this file, probably in a format
something like:
security.provider.1=sun.security.provider.Sun
If there is more than one provider listed, they should be numbered in increasing numerical order:
security.provider.2=XXX.security.provider.foox
security.provider.3=YYY.security.provider.fooy
security.provider.4=ZZZ.security.provider.fooz
etc.
Add the line for the SSL provider like this, substituting for "N" in this example the next available
number:
security.provider.N=com.sun.net.ssl.internal.ssl.Provider
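The numbering rule above, written as a shell function that appends the SSL provider line with the next available number. This is an added example, not part of the HPSS guide. The function name add_ssl_provider, the .bak backup copy and passing the properties file as an argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the HPSS guide). Property names and the provider
# class come from the text above; the function name is an assumption.
SSL_PROVIDER=com.sun.net.ssl.internal.ssl.Provider

# usage: add_ssl_provider /path/to/java.security
add_ssl_provider() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Already registered under some number: leave the file untouched.
    if sed -n 's/^security\.provider\.[0-9][0-9]*=//p' "$file" |
        grep -Fxq "$SSL_PROVIDER"; then
        echo "already present"
        return 0
    fi

    # Existing provider numbers, sorted numerically.
    nums=$(sed -n 's/^security\.provider\.\([0-9][0-9]*\)=.*/\1/p' "$file" | sort -n)
    [ -n "$nums" ] || { echo "no security.provider.N lines" >&2; return 3; }

    # The guide expects 1, 2, 3, ... in increasing order. Refuse to edit a
    # file with a gap or a duplicate instead of guessing the next number.
    expect=1
    for n in $nums; do
        [ "$n" -eq "$expect" ] ||
            { echo "numbering broken at $n, expected $expect" >&2; return 4; }
        expect=$((expect + 1))
    done

    cp -p "$file" "$file.bak" || return 5          # keep the original
    # Make sure the new property starts on its own line.
    [ -z "$(tail -c 1 "$file")" ] || echo >> "$file"
    printf 'security.provider.%d=%s\n' "$expect" "$SSL_PROVIDER" >> "$file"
    echo "security.provider.$expect"
}

# Constructed sample run: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    printf 'security.provider.1=sun.security.provider.Sun\n' > "$tmp"
    add_ssl_provider "$tmp" && cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
fi
```

Running the function a second time on the same file changes nothing, so it is safe to call from an installation script.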
3.8.3.2 Configuring Keys and Certificates for the Data Server
Step 1 below is necessary for the proper configuration of the Data Server. All the other steps in this
section are required only for the configuration of the hpssadm utility.
The use of the SSL protocol between hpssadm and the Data Server requires that a public/private
key pair be generated for the Data Server and that the Data Server present an X.509 certificate to
identify itself to the hpssadm client. The hpssadm client must have access to a trusted store of
certificates which includes either the Data Server's certificate or the certificate of a certificate
authority that has signed the Data Server's certificate. If your site requires certificates to be signed
by an authority such as Verisign, see your site security personnel for instructions for generating the
public/private key pair and obtaining a signed certificate for the Data Server. If a self-signed
certificate for the Data Server is acceptable to your site, follow the instructions in this section.
On the machine where the Data Server will be executed:
1. Create a public/private key pair and a certificate for the Data Server using the keytool
utility.
You can choose any name you wish for the Data Server; in this example, we have called it
"HPSS Data Server". You must also specify an alias for the Data Server, for which we have
used "hpss_ssmds". The key pair and certificate must be stored in a keystore, a file that will
be private to the Data Server. The default name for this keystore file is
/var/hpss/ssm/keystore.ds
This name can be changed in the hpss_env file by setting the HPSS_SSMDS_KEYSTORE
variable as desired. The keystore file will be protected with a password, which should be
unique and used only for protecting this keystore and the key within it.
% cd /var/hpss/ssm
% $JAVA_HOME/bin/keytool -genkey -dname "cn=HPSS Data Server" \
-alias hpss_ssmds -keystore keystore.ds -validity 365