Hub/Switch Installation Guide

ManualsBrandsIBM ManualsSwitchHub/Switch

181

182

183

184

185

186

187

188

189

190

Chapter 3 System Preparation

HPSS Installation Guide September 2002 183

Release 4.5, Revision 2

You willbepromptedfor the password,WHICH WILL BE ECHOED ASYOU TYPE IT, so

make sure you are working from a location where the password cannot be compromised.

Type in the default password ("changeit"). The utility should list the certiﬁcates in the ﬁle.

4. Change the password with the -storepasswd option of the keytool command. In this

example, the new password is "XXXXXX". Again, we are changing the password for the

cacerts ﬁle; do this for each trusted store ﬁle, substituting the correct ﬁle name for the "-

keystore" option:

$JAVA_HOME/bin/keytool -keystore cacerts -storepasswd \

-new XXXXXX

5. Verify that the password was changed properly by listing the ﬁle again:

$JAVA_HOME/bin/keytool -keystore cacerts -list

Again,your passwordwill beechoedas youtype it,sobesureno onecanreadyour screen.

This change should be performed on the Data Server host machine and on any host from which

hpssadm will be executed.

The installation instructions for Java 1.3.0 also include directions for changing this password.

See the keytool man page with your Java installation for more information on using the keytool

utility.

3.8.3 Conﬁguring SSL

SSL (Secure Sockets Layer) must be conﬁgured for the Data Server even if the hpssadm utility is

not executed, because the Data Server reads its private key as part of its initialization, even if he

subsequently never needs it for any hpssadm client. The steps below which are necessary for the

Data Server are distinguished from those necessary only for hpssadm.

SSL is used to encrypt the transmission of the user's DCE user name and password from the

hpssadm utility totheDataServer. Infact, theentire session by which thehpssadm utilitysubmits

commands to the Data Server is encrypted with SSL.

Be aware,however, that thereis asecond session between theDataServerand thehpssadm utility.

This second, independent session is the one by which the Data Server sends the hpssadm client

asynchronous notiﬁcations of changes in HPSS statuses, such as a notice that a server has gone

downor adeviceopstate haschanged.No passwordinformationistransmitted acrossthissession,

and it is not encrypted.

Thissectionexplainshow toconﬁguretheJava SSLextension andthe Data Serverforuse withSSL.

3.8.3.1 Installing the Security Provider

Inorder forJavato accessthe SSLextension,the SSLprovidermust beinstalled. To do this,addthe

provider to the Java security ﬁle

$JAVA_HOME/lib/security/java.security