HP Reference Information Storage System v1.6 Administrator Guide (T3559-96073, July 2007)
NOTE:
After deleting pccCert.pem or httpCert.pem in /opt/keys,besuretologofforclosethePCC
UI. If you don’t and refresh, the PCC UI will re-create these files. (The SSL Configuration page will
also not allow new CSRs be created.)
Installing and generating a certificate on the PCC portal
Follow these steps to generate and install a certificate for the RISS PCC portal.
1. Create a certificate signing request (CSR) for the PCC:
a. Log in to the PCC Web interface and go Configuration > SSL Configuration .
b. Complete the CSR g eneration form.
c. Log out of the PCC Web interface.
This generates two files on the PCC:
• /opt/keys/pccCert.pem (the certificate request)
• /opt/keys/pcckey.pem (the RSA private key)
2. Manually copy the certificate request file to your local machine:
scp root@[external ip address of PCC]:/opt/keys/pccCert.pem
3. Send the certificate request to a certificate authority (CA) such as VeriSign for signing.
Follow the instructions provided by your CA.
4. Impor t the certificate you receive from the CA into the RISS PCC:
a. Store the certificate from the CA on your local machine (for example, as pccCertSigned.pem).
b. Copy the certificate to the PCC:
scp pccCertSigned.pem root@[external ip address of PCC]:/opt/keys/
pccCertSigned.pem
5. Impor t the cer ti ficate into the PCC’s Apache server:
usr/local/bin/ssl_cert_update.pl -pcc -cert /opt/keys/pccCertSigned.pem
-key /opt/keys/pcckey.pem
6. Restart the PCC’s Apache server by issuing the following command:
/etc/init.d/httpd restart
Installing and generating a cer ti fi cate on the HTTP portals
Follow these steps to install a c ertificate on the RISS HTTP portals.
1. Create a certificate signing request (CSR) for the HTTP portals:
a. Log in to the PCC Web interface and go Configuration > SSL Configuration .
b. Complete the CSR g eneration form.
c. Log out of the PCC Web interface.
This generates two files on the PCC:
• /opt/keys/httpCert.pm (the certificate request)
• /opt/keys/httpkey.pem (the RSA private key)
2. Manually copy the certificate request file to your local machine:
scp root@[external ip address of PCC]:/opt/keys/httpCert.pm
40
Configuration