HP StorageWorks P9000 Replication Manager Software 7.1 Configuration Guide (TB584-96022, May 2011)

Figure 14 Deciding whether a certificate requires registration

The tasks outlined in the flowchart are as follows:

1. “Checking the truststores” on page 87 to determine if the certificate has already been registered.

2. If the certificate has not been registered, follow the procedure for “Importing a certificate into the

jssecacerts truststore” on page 87.

Checking the truststores

If you have already obtained a certificate from a well-known CA, execute the following command to

check whether the certificate has already been registered, first in the jssecacerts truststore (if it

exists), then in cacerts.

keytool -list -v -keystore truststore-file-name -storepass

truststore-access-password

For -keystore truststore-file-name, specify the truststore file you want to view.

For-storepass truststore-access-password, specify the password for accessing the

truststore. The default password for cacerts is changeit. (Because jssecacerts must be created

by the administrator, it has no default password.)

The following shows an example of commands to check jssecacerts and then cacerts (if

jssecacerts does not exist, you can skip the first command):

/opt/CVXPAE/Base/jdk/bin/keytool -list -v -keystore /opt/CVXPAE/Base/jdk/

jre/lib/security/jssecacerts -storepass mavrac

/opt/CVXPAE/Base/jdk/bin/keytool -list -v -keystore /opt/CVXPAE/Base/jdk/

jre/lib/security/cacerts -storepass changeit

Importing a certificate into the jssecacerts truststore

Note the following:

• If the jssecacerts file does not exist, it is created when you run the command to register the

certificate.

Configuration Guide 87