Chapter 3 System Preparation
September 2002 HPSS Installation Guide
Release 4.5, Revision 2
% cp cacerts cacerts.ORIG
% $JAVA_HOME/bin/keytool -keystore cacerts -import \
-file /tmp/ds.cer -alias hpss_ssmds
The keytool utility will print out the information about the certificate, including the
fingerprints, and will ask whether the certificate should be trusted. Compare the owner,
issuer, and fingerprints carefully with those obtained from the original certificate in step 2.
If they match, answer "yes". If they do NOT match, DO NOT import the certificate at all; it
has been corrupted in transit.
If you confirm that you want the certificate added as trusted, the utility should respond
that the certificate was added to the keystore.
This cacerts file is the file the hpssadm client will use to verify the Data Server's certificate.
The /tmp/ds.cer file is just a temporary file for transmitting a copy of the Data Server's
certificate. It may be named anything you like, and may be removed once you have used
it to import the certificate into the hpssadm trusted store.
3.8.3.3 Storing the Password to the Data Server's Keystore File
This step is necessary for the proper configuration of the Data Server.
When the Data Server is executed in Low Security mode, the password to its keystore file must be
stored in a file on the Data Server host. This is one reason it is so important to secure this machine.
This file must be protected against access by any user except root, and the Data Server must be
executed as root. Low Security mode is the only mode in which the Data Server may be started
automatically from a script, without human intervention.
The default name for the file to store the password is
/var/hpss/ssm/keystore.ds.pw
This name can be changed in the hpss_env file by setting the
HPSS_SSMDS_KEYSTORE_PASSWORD variable as desired.
To run the Data Server in Normal Security mode, set the
HPSS_SSMDS_KEYSTORE_PASSWORD variable in the hpss_env file to the string "PROMPT".
Then, rather than reading the password from a file, the Data Server will prompt the user for the
password when it begins execution. If you always run in Normal Security mode, you do not need
to store the password to the Data Server's keystore anywhere in a file, but neither can you start it
automatically from a script.
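The file-protection requirement above can be checked before the Data Server is started from a script. The following is an added example, not part of the HPSS guide: a POSIX shell function (the name check_keystore_pw and its second argument are assumptions made here) that takes the value of HPSS_SSMDS_KEYSTORE_PASSWORD and verifies that the file it names is a regular file owned by root with no group or other permission bits.

```shell
#!/bin/sh
# Added example: audit the Data Server keystore password setting.
# Usage on the Data Server host:
#   check_keystore_pw "$HPSS_SSMDS_KEYSTORE_PASSWORD"
# $1: value of HPSS_SSMDS_KEYSTORE_PASSWORD (empty means the default file name)
# $2: uid that must own the file; defaults to 0 (root). This argument is an
#     assumption of the example so the check can be tried on a scratch file.
DEFAULT_PW_FILE=/var/hpss/ssm/keystore.ds.pw

check_keystore_pw() {
    setting=${1:-$DEFAULT_PW_FILE}
    want_uid=${2:-0}

    # Normal Security mode: the Data Server prompts, so no file is required.
    if [ "$setting" = "PROMPT" ]; then
        echo "OK: Normal Security mode, password is prompted for"
        return 0
    fi

    # Low Security mode: the setting names the password file.
    if [ -L "$setting" ]; then
        echo "FAIL: $setting is a symbolic link"
        return 1
    fi
    if [ ! -f "$setting" ]; then
        echo "FAIL: $setting is missing or not a regular file"
        return 1
    fi

    # ls -ln prints the mode string (field 1) and the numeric owner (field 3).
    read -r mode links uid rest <<EOF
$(ls -ln -- "$setting")
EOF
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $setting is owned by uid $uid, expected $want_uid"
        return 1
    fi

    # Characters 5-10 of the mode string are the group and other bits; all
    # six must be '-'. ACLs are not inspected by this check.
    case $mode in
        -???------*) echo "OK: $setting ($mode, uid $uid)"; return 0 ;;
        *) echo "FAIL: $setting is accessible to group or other ($mode)"
           return 1 ;;
    esac
}
```
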
3.8.4 Configuring the Java Security Policy File
A Java security policy file is required for the Data Server. If the hpssadm utility is used, it must have
its own Java security policy file.
Versions of Java beginning with 1.2 allow you to fine-tune many permissions given to particular
code by means of system-wide, user, and application-specific policy files, and by providing for
applications to run under the Java Security Manager. If the application is not executed with a