Hitachi Compute Blade 500 Series User Manual page 92

(1) Create a CSR (Certificate Signing Request).
Use opr HvmCSR command to create a CSR.
Make sure that a unique common name (CN) is set in the subject
information for a self signed certificate per LPAR manager.
A private key corresponding to the CSR is generated in LPAR manager.
The same private key cannot be generated.
The private key and server certificate that you have created will be used
in step (3) to register the signed server certificate. Before the server
certificate is registered, the previous private key and server certificate are
used.
Use opr HvmSecureCmmConfigSave command to save the LPAR
manager configuration information before shutting down or rebooting
LPAR manager.
(2) Have a certificate signed by CA (certificate authority).
Send the created CSR to the CA to obtain the signed certificate.
(3) Register the server certificate signed by CA.
Use opr HvmCACertificateRegist command to register the signed
server certificate to the LPAR manager. The certificate can be registered
only in the LPAR manager for which the CSR is created.
Use opr HvmSecureCmmConfigSave command to save the LPAR
manager configuration information and back up that before shutting down
or rebooting the LPAR manager.
Authentication of the other system
When LPAR manager tries to connect to the other system using TLS, it can
authenticate the other system by verifying the other system's certificate. For
authentication, register a certificate of the other system or a certificate of CA
that has signed the certificate of the other system in the LPAR manager, and
enable the certificate verification.
Use opr HvmClientCertificateRegist command to register a certificate and
opr HvmIfSecureVerify command to enable the certificate verification.
• System available for LPAR manager authentication The following system
can be authenticated by LPAR manager.
– HCSM (alert)
2-20
Hitachi Compute Blade 500 Series Logical partitioning manager User's Guide
System Operation