7. Install the new certificate and CA certificate in the Policy Server keystore file:
a. Transfer both the new certificate (tomcat.crt) and the OpenSSL CA certificate (cacert.crt) to the Policy Server server.
b. Install both certificates in the Policy Server keystore file.
The Policy Server now supports SSL connections over port 8443. It is still configured for non-SSL connections over port 443. HP recommends disabling connections to the Policy Server over port 443.
To disable non-SSL connections to the Policy Server, edit the following Policy Server configuration file:
C:\Program Files (x86)\HP3Par\PolicyServer\Tomcat6\aps\conf\server.xml
Configuring the Policy Server for SSL by Using an Existing Certificate Infrastructure
SSL Certificate:
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -import -trustcacerts -alias tomcat -file c:\hp-3par\tomcat.crt -keystore c:\hp-3par\keystore-ps
Enter keystore password:
Certificate reply was installed in keystore
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>
CA certificate:
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>keytool -import -trustcacerts -alias root -file c:\hp-3par\cacert.crt -keystore c:\hp-3par\keystore-ps
Enter keystore password:
Owner: EMAILADDRESS=admin@hp.com, CN=Cert Admin, OU=3PAR, O=HP, ST=CA, C=US
Issuer: EMAILADDRESS=admin@hp.com, CN=Cert Admin, OU=3PAR, O=HP, ST=CA, C=US
Serial number: ba5d98b125297b80
Valid from: Wed Oct 31 08:16:30 PDT 2012 until: Sat Oct 31 08:16:30 PDT 2015
Certificate fingerprints:
MD5: 77:A6:21:D1:36:FE:BF:95:58:D1:67:33:5E:12:14:07
SHA1: 53:55:B0:D8:D3:A4:6B:35:B3:79:DF:DF:47:44:09:76:86:BF:65:F1
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E3 8F F8 1E 12 F6 FD 76 6D ED 60 82 DF DC 3D F1 .......vm.`...=.
0010: 67 44 14 D6 gD..
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E3 8F F8 1E 12 F6 FD 76 6D ED 60 82 DF DC 3D F1 .......vm.`...=.
0010: 67 44 14 D6 gD..
[EMAILADDRESS=admin@hp.com, CN=Cert Admin, OU=3PAR, O=HP, ST=CA, C=US]
SerialNumber: [ ba5d98b1 25297b80]
Trust this certificate? [no]: yes
Certificate was added to keystore
C:\Program Files (x86)\HP 3PAR\PolicyServer\jre\bin>
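The CA import above ends at a "Trust this certificate?" prompt, and the details keytool prints just before it are what the operator has to judge. The following is an added example, not part of the HP guide: it parses that keytool output and lists reasons not to answer "yes". The function names parse_keytool and review are hypothetical, and the expected SHA1 fingerprint is assumed to come from the CA administrator over a separate channel.

```python
import re
from datetime import datetime

# keytool output for the CA import, copied from this page (wrapped lines rejoined).
SAMPLE = """\
Owner: EMAILADDRESS=admin@hp.com, CN=Cert Admin, OU=3PAR, O=HP, ST=CA, C=US
Issuer: EMAILADDRESS=admin@hp.com, CN=Cert Admin, OU=3PAR, O=HP, ST=CA, C=US
Valid from: Wed Oct 31 08:16:30 PDT 2012 until: Sat Oct 31 08:16:30 PDT 2015
SHA1: 53:55:B0:D8:D3:A4:6B:35:B3:79:DF:DF:47:44:09:76:86:BF:65:F1
Signature algorithm name: SHA1withRSA
BasicConstraints:[
CA:true
"""

def parse_keytool(text):
    """Pull out the fields to check before answering 'yes' to the trust prompt."""
    def field(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None
    not_after = None
    parts = (field(r"until:\s*(.+)$") or "").split()
    if len(parts) == 6:  # weekday, month, day, time, zone, year
        # Weekday and zone name are dropped, so expiry is accurate to within a day.
        stamp = " ".join(parts[1:4] + parts[5:])
        not_after = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
    return {
        "owner": field(r"^Owner:\s*(.+)$"),
        "issuer": field(r"^Issuer:\s*(.+)$"),
        "sha1": field(r"^\s*SHA1:\s*([0-9A-Fa-f:]+)"),
        "sigalg": field(r"^Signature algorithm name:\s*(\S+)"),
        "is_ca": re.search(r"^\s*CA:true", text, re.MULTILINE) is not None,
        "not_after": not_after,
    }

def review(info, expected_sha1, now):
    """Return a list of findings; an empty list means no objection was found."""
    norm = lambda s: re.sub(r"[^0-9a-f]", "", (s or "").lower())
    findings = []
    if not norm(info["sha1"]) or norm(info["sha1"]) != norm(expected_sha1):
        findings.append("fingerprint mismatch: do not trust this certificate")
    if info["not_after"] is None or info["not_after"] < now:
        findings.append("certificate expired or validity unreadable")
    if not info["is_ca"]:
        findings.append("BasicConstraints does not mark this certificate CA:true")
    if info["owner"] != info["issuer"]:
        findings.append("not self-signed: the issuing chain must be imported too")
    if (info["sigalg"] or "").upper().startswith(("MD5", "SHA1")):
        findings.append("weak signature algorithm: " + info["sigalg"])
    return findings
```

Run against the output on this page, the only finding while the certificate is within its validity period is the SHA1withRSA signature algorithm.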