3PAR StoreServ Storage
cancel
Showing results for 
Search instead for 
Did you mean: 

Updating the Certificate for the SSMC 2.0

SOLVED
Go to solution
L1nklight
Valued Contributor

Updating the Certificate for the SSMC 2.0

I'd like to update the certificate for the SSMC. I havent been able to find any details about it. Does anyone have a link or some info about that? 

5 REPLIES
ByteSizedAlex
Occasional Visitor

Re: Updating the Certificate for the SSMC 2.0

I'm currently trying to work my way through this. I think if I can reverse the password for the keystore file I should be able to update it and add my own certs.


If I manage to do this I will post back and write a full 'how to' on my website.

Sheldon Smith
Honored Contributor
Solution

Re: Updating the Certificate for the SSMC 2.0

The process is documented for SSMC 2.1, available from the HP Software Depot. See the HP 3PAR StoreServ Management Console 2.1 Administrator Guide, QL226-97788. The following is from the 2.1 Admin Guide:

 

Creating a CA certificate
The following procedure uses Java’s keytool to create public and private keys. For information on using keytool see: http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html 1. Navigate to C:\Program Files\Hewlett-Packard\SSMC\ssmcbase\etc\ and rename keysstore. to keystore.original. 2. Use keytool to create a new public/privage key pair in a a new keystore file:
keytool -genkeypair -keystore keystore. -alias jetty -keyalg RSA 3. Generate a certificate signing request (CSR):
keytool -certreq -keystore keystore. -alias jetty -file certificate.request.txt 4. Send the CSR to your Certificate Authority and save the resulting signed certificate to the folder in which the keystore resides. 5. Add the chain of certificates to the keystore, starting with the root CA certificate, any intermediate CA certificates, and finally the signed certificate returned by the CA:
keytool -import -alias root -keystore keystore -trustcacerts -file CA.cert.txt
keytool -import -alias jetty -keystore keystore -trustcacerts -file certificate.response.cert.txt 6. Update C:\Program Files\Hewlett-Packard\SSMC\etc\jetty-ssl.xml with the passwords used by the new keystore. Passwords can be in plain text or they can be obfuscated using a Java class which is documented at http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords. 7. Restart the HP 3PAR StoreServ Management Console Server service. 8. Import the Certificate Authority’s root certificate into the Trusted Root Certificate Store in the browser and browse to SSMC.
The previous instructions are for SSMC installed on Windows but apply in general to Linux as well. NOTE: You must repeat this process each time you update SSMC.

 

 

Note: While I work for HP, all of my comments (whether noted or not), are my own and are not any official representation of the company.
----------
If my post was useful, click on my KUDOS! "White Star" !


Note: While I work for Hewlett Packard Enterprise, all of my comments (whether noted or not), are my own and are not any official representation of the company.
----------
If my post was useful, click on my KUDOS! thumb below!
ByteSizedAlex
Occasional Visitor

Re: Updating the Certificate for the SSMC 2.0

Ah beat me to it, I just created a post that does things slightly differently with a GUI app instead of the JAVA cli -

 

http://www.bytesizedalex.com/hp-3par-storeserv-management-console-ssmcssl-certificate-replacement/

 

 

L1nklight
Valued Contributor

Re: Updating the Certificate for the SSMC 2.0

Thanks guys. I will work to get this into production. I just grabbed a copy of the ssmc 2.1 to upgrade my 2.0. 

feibob
Occasional Contributor

Re: Updating the Certificate for the SSMC 2.0

This is the section where i get lost..

 

5. Add the chain of certificates to the keystore, starting with the root CA certificate, any intermediate CA certificates, and finally the signed certificate returned by the CA:

keytool -import -alias root -keystore keystore -trustcacerts -file CA.cert.txt

keytool -import -alias jetty -keystore keystore -trustcacerts -file certificate.response.cert.txt

 

Where is the "CA.cert.txt" this step is refering too? Was i supposed to generate that as well?  IF so, i don't see the steps to do that.  Or am i just missing something?  Totally possible!

thanks!