Perform the following tasks on the Ecosystem Manager Client and all clients that need to be configured with SSL. If multiple clients point to the Ecosystem Manager server, add a suffix or prefix <hostname-of-EM-client> to the generated keystore and truststore files on each client.
- Create and navigate to a folder named /home/em where you will place the keystore files.
-
Create a certificate/keystore for both Active and Standby Ecosystem Manager servers:
keytool -genkey -alias <hostname-of-EM-client> -keyalg RSA -keystore server.ks
The system prompts for the following information:Make sure that the keystore file is created on all participating EM client systems.
Enter your keystore password: What is your first and last name? [Unknown]: What is the name of your organizational unit? [Unknown]: What is the name of your City or Locality? [Unknown]: What is the name of your State or Province? [Unknown]: What is the two-letter country code for this unit: [Unknown]: Is CN-Unknown, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown correct? [no]: yes Enter key password for <hostname-of-EM-client> (RETURN if same as keystore password):
- Copy the broker_cert file from the Ecosystem Manager server to the client and then execute the following command on the client: Keytool -import -alias <hostname-of-EM-server> -keystore client.ts -file broker_cert
-
Answer the same questions and use the same password you saved when you created the broker key file.
Enter keystore password: Re-enter new password: Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown Serial number: 300263d1 Valid from: Tue Jun 23 18:18:11 UTC 2015 until: Mon Sep 21 18:18:11 UTC 2015 Certificate fingerprints: MD5: C1:1C:8C:C0:9B:A5:42:60:A0:A8:CC:CF:62:65:52:0D SHA1: 43:79:D8:32:AD:F2:B0:F9:3A:F6:96:FE:8E:F3:BE:13:71:6B:6B:F2 SHA256: 83:23:00:9F:4B:19:01:1A:1E:21:78:72:9E:2D:E5:C2:C6:04:9C:1C:58:64:2C:A3:C3:C4:CE:CF:0C:07:0D:D2 Signature algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 83 75 6D 0E A2 76 EE 16 84 09 13 40 AF F4 88 8A .um..v.....@.... 0010: 50 65 D2 03 Pe.. ] ] Trust this certificate? [no]: yes Certificate was added to keystore
This creates a truststore and sets the client trusts the broker. -
Export the client certificate using the keytool command:
keytool -export -alias <hostname-of_EM-client> -keystore client.ks -file client_cert
Enter keystore password: Certificate stored in file <client_cert>
- Copy the client_certificate to the Ecosystem Manager server.
- Make sure that the client_certificate file is created.
- Give 777 access rights to /home/em and all files within it.