HP VAN SDN Controller Administrator Guide v3

4.8.2 Running the Controller Without Jar-Signing Validation
The SDN controller enforces jar-signing validation by default. For an experimental/development
environment where unsigned applications need to be deployed, jar-signing validation can be
turned off altogether:
1. Stop the SDN controller:
sudo service sdnc stop
2. Modify the /opt/sdn/virgo/bin/dmk.sh script to include the -Dsdn.signedJar=none line shown
below:
cd $KERNEL_HOME; exec $JAVA_EXECUTABLE \
$JAVA_OPTS \
$DEBUG_OPTS \
$JMX_OPTS \
-XX:+HeapDumpOnOutOfMemoryError \
-XX:ErrorFile=$KERNEL_HOME/serviceability/error.log \
-XX:HeapDumpPath=$KERNEL_HOME/serviceability/heap_dump.hprof \
-Dsdn.signedJar=none \
-Djava.security.auth.login.config=$AUTH_LOGIN \
-Dorg.eclipse.virgo.kernel.authentication.file=$AUTH_FILE \
3. Start the SDN controller:
sudo service sdnc start
To enable jar-signing validation again, remove the -Dsdn.signedJar=none line from the
/opt/sdn/virgo/bin/dmk.sh script and restart the controller.
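Because the override is meant only for experimental/development environments, it is worth checking that a controller's launch script no longer carries it. The check below is an added example, not part of the HP guide; the function names, exit codes and the sample script fragments it builds are assumptions constructed for illustration:

```shell
#!/bin/sh
# Added example. The -Dsdn.signedJar=none argument comes from this guide;
# function names and exit codes are assumptions of this example.

# jar_signing_state FILE
#   prints enforced | disabled | unknown
#   returns 0 (enforced), 1 (disabled), 2 (file not readable)
jar_signing_state() {
    if [ ! -r "$1" ]; then
        echo unknown
        return 2
    fi
    # Ignore comment-only lines, then match the override as a whole JVM
    # argument (followed by whitespace, a line-continuation '\' or EOL).
    if grep -v '^[[:space:]]*#' "$1" |
        grep -Eq -- '(^|[[:space:]])-Dsdn\.signedJar=none([[:space:]\\]|$)'; then
        echo disabled
        return 1
    fi
    echo enforced
    return 0
}

# make_sample FILE MODE writes a constructed launch-script fragment.
#   MODE: with (override present), note (only mentioned in a comment),
#         anything else (override absent)
make_sample() {
    {
        [ "$2" = note ] && printf '%s\n' '# dev only: add -Dsdn.signedJar=none below'
        printf '%s\n' 'cd $KERNEL_HOME; exec $JAVA_EXECUTABLE \'
        printf '%s\n' '    $JAVA_OPTS \'
        [ "$2" = with ] && printf '%s\n' '    -Dsdn.signedJar=none \'
        printf '%s\n' '    -Djava.security.auth.login.config=$AUTH_LOGIN \'
    } > "$1"
}

# Demo on constructed samples; on a controller, pass the dmk.sh path instead.
tmp=$(mktemp -d)
for mode in with without note; do
    make_sample "$tmp/dmk-$mode.sh" "$mode"
    printf '%-8s %s\n' "$mode" "$(jar_signing_state "$tmp/dmk-$mode.sh")"
done
rm -rf "$tmp"
```

The script only inspects the file on disk; a controller started before the line was removed keeps running with validation off until it is restarted.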
4.9 Revoking Trust
4.9.1 Revoking trust via truststore
The controller components rely on the public certificates in the respective truststore to establish trust
with a given identity. Therefore, revoking trust from a client with a given public certificate amounts
to removing its certificate from the respective truststore. To remove a given certificate from the
truststore:
List the certificates in your truststore:
keytool -list -v -keystore <truststore> [-storepass <password>]
Delete certificate from truststore:
keytool -delete -alias <cert alias> -keystore <truststore>
4.9.2 Revoking trust via CRL
For the controller’s REST API, a CRL (Certificate Revocation List) may also be specified to allow
blacklisting of certain clients. This is done by modifying the
/opt/sdn/virgo/configuration/tomcat-server.xml file to include the CRL file location in the SSL
connector:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="../admin/keystore"
keystorePass="skyline"