Moogsoft Docs

Configuring SSL in HP NNMi

The HP NNMi by default supports SSL communication. During installation, it generates self-signed certificates which can be used for establishing the SSL communication. The steps to establish the SSL communication are as follows:

  1. Navigate to the HP NNMi bin directory, the directory is /opt/OV/bin
  2. Run the following command to get the alias name:

    ./nnmkeytool.ovpl -list  -storetype PKCS12 -keystore /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storepass ovpass

    Note

    The above command lists all the certificates in the nnm-trust.p12truststore. Copy the name of the certificate displayed on the screen, this name is the alias name

  3. Run the following command to export the HP NNMi certificate:

    ./nnmkeytool.ovpl -exportcert -alias <alias name> -storetype PKCS12 -keystore /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storepass ovpass -rfc -file /var/opt/OV/shared/nnm/certificates/nnmi.crt

    Note

    In the above command for <alias name> enter the name copied in step 2

  4. Navigate to the directory /var/opt/OV/shared/nnm/certificates

  5. Create a keystore using the following command. After executing the command, enter the desired password and information, when prompted.

    keytool -genkey -alias <aliasName> -keyalg RSA -keystore keystore.jks -keysize 2048

    Note

    Use the desired alias name, it should be different from the alias name used in the above steps

  6. Enter the following command to import the nnm.crt certificate in the keystore created above.

    keytool -import -alias hpnnmi -file nnmi.crt -keystore keystore.jks

    Note

    After executing the command, when prompted for the password, enter the same password used for creating the keystore.jks file

  7. Copy the certificate keystore.jks , and paste it into a directory on the machine where the HPNNMi LAM is running.
  8. Enter the path where the keystore.jks is copied, and its passwords, in the hpnnmi_lam.conf config file.

The SSL is configured for HP NNMi to communicate with the HP NNMi LAM

Note

If certificates signed from a trusted authority is used instead of the self-signed certificates, then import the trusted authority certificate in both nnm-trust.p12 and keystore.jks.

Use the following command to import the trusted certificate into nnm-trust.p12

./nnmkeytool.ovpl -importcert -alias <alias name> -file <trusted certificate file> -keypass < trusted certificate password> -trustcacerts -storetype PKCS12 -keystore nnm-trust.p12 -storepass ovpass

Similarly, import the trusted certificate in the keystore.jks or any other certificate file using

keytool -importcert -alias <alias name> -file <trusted certificate file> -keypass < trusted certificate password> -trustcacerts -storetype PKCS12 -keystore keystore.jks -storepass <pasword of the keystore.jks file>