Hub/Switch Installation Guide
Chapter 3 System Preparation
September 2002 HPSS Installation Guide
Release 4.5, Revision 2
There should already be at least one security provider listed in this file, probably in a format
something like:
security.provider.1=sun.security.provider.Sun
If there is more than one provider listed, they should be numbered in increasing numerical order:
security.provider.2=XXX.security.provider.foox
security.provider.3=YYY.security.provider.fooy
security.provider.4=ZZZ.security.provider.fooz
etc.
Add the line for the SSL provider as shown here, replacing "N" with the next available
number:
security.provider.N=com.sun.net.ssl.internal.ssl.Provider
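As an added example (not part of the HPSS guide), the shell function below works out the line to append: it reads the active security.provider.N entries, reports gaps or duplicate numbers, and prints the next-numbered entry only if the class is not already listed. The function name and the sample file contents are assumptions made for illustration.

```shell
# Added example, not from the HPSS guide. next_provider_line is a
# hypothetical helper: it prints the security.provider.N line to append
# for CLASS, prints nothing if CLASS is already listed, and returns 2 if
# the existing numbering has a gap or a duplicate.
next_provider_line() {
    file=$1 class=$2
    awk -v class="$class" '
        # Only active entries count; commented-out lines do not match.
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ {
            line = $0
            sub(/^[ \t]*security\.provider\./, "", line)
            n = line; sub(/[ \t]*=.*/, "", n); n += 0
            val = line
            sub(/^[0-9]+[ \t]*=[ \t]*/, "", val)
            sub(/[ \t\r]+$/, "", val)
            if (n in seen) { print "duplicate number " n > "/dev/stderr"; bad = 1 }
            seen[n] = val
            if (n > max) max = n
            if (val == class) present = 1
        }
        END {
            for (i = 1; i <= max; i++)
                if (!(i in seen)) { print "gap at number " i > "/dev/stderr"; bad = 1 }
            if (bad) exit 2
            if (present) exit 0
            printf "security.provider.%d=%s\n", max + 1, class
        }
    ' "$file"
}

# Constructed sample standing in for the java.security file.
sample=$(mktemp)
printf '%s\n' '#security.provider.2=commented.Out' \
    'security.provider.1=sun.security.provider.Sun' > "$sample"
next_provider_line "$sample" com.sun.net.ssl.internal.ssl.Provider
rm -f "$sample"
```

Review the printed line before appending it to the file, and keep a backup copy of the original.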
3.8.3.2 Configuring Keys and Certificates for the Data Server
Step 1 below is necessary for the proper configuration of the Data Server. All the other steps in this
section are required only for the configuration of the hpssadm utility.
The use of the SSL protocol between hpssadm and the Data Server requires that a public/private
key pair be generated for the Data Server and that the Data Server present an X.509 certificate to
identify itself to the hpssadm client. The hpssadm client must have access to a trusted store of
certificates which includes either the Data Server's certificate or the certificate of a certificate
authority that has signed the Data Server's certificate. If your site requires certificates to be signed
by an authority such as Verisign, see your site security personnel for instructions for generating the
public/private key pair and obtaining a signed certificate for the Data Server. If a self-signed
certificate for the Data Server is acceptable to your site, follow the instructions in this section.
On the machine where the Data Server will be executed:
1. Create a public/private key pair and a certificate for the Data Server using the keytool
utility.
You can choose any name you wish for the Data Server; in this example, we have called it
"HPSS Data Server". You must also specify an alias for the Data Server, for which we have
used "hpss_ssmds". The key pair and certificate must be stored in a keystore, a file that will
be private to the Data Server. The default name for this keystore file is
/var/hpss/ssm/keystore.ds
This name can be changed in the hpss_env file by setting the HPSS_SSMDS_KEYSTORE
variable as desired. The keystore file will be protected with a password, which should be
unique and used only for protecting this keystore and the key within it.
% cd /var/hpss/ssm
% $JAVA_HOME/bin/keytool -genkey -dname "cn=HPSS Data Server" \
-alias hpss_ssmds -keystore keystore.ds -validity 365