HPE Community
HPE 3PAR StoreServ Storage
1752511 Members
4890 Online
108788 Solutions
New Discussion

Re: Updating the Certificate for the SSMC 2.0

 
SOLVED
Go to solution
L1nklight
Valued Contributor

‎05-01-2015 06:53 AM

‎05-01-2015 06:53 AM

Updating the Certificate for the SSMC 2.0

I'd like to update the certificate for the SSMC. I havent been able to find any details about it. Does anyone have a link or some info about that? 

0 Kudos
Reply
5 REPLIES 5
ByteSizedAlex
Occasional Visitor

‎05-06-2015 06:24 AM

‎05-06-2015 06:24 AM

Re: Updating the Certificate for the SSMC 2.0

I'm currently trying to work my way through this. I think if I can reverse the password for the keystore file I should be able to update it and add my own certs.


If I manage to do this I will post back and write a full 'how to' on my website.

Reply
Sheldon Smith
HPE Pro

‎05-06-2015 09:07 AM

‎05-06-2015 09:07 AM

Solution

Re: Updating the Certificate for the SSMC 2.0

The process is documented for SSMC 2.1, available from the HP Software Depot. See the HP 3PAR StoreServ Management Console 2.1 Administrator Guide, QL226-97788. The following is from the 2.1 Admin Guide:

 

Creating a CA certificate

The following procedure uses Java’s keytool to create public and private keys. For information on using keytool see:
http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html

1. Navigate to C:\Program Files\Hewlett-Packard\SSMC\ssmcbase\etc\ and
rename keysstore. to keystore.original.

2. Use keytool to create a new public/privage key pair in a a new keystore file:

keytool -genkeypair -keystore keystore. -alias jetty -keyalg RSA

3. Generate a certificate signing request (CSR):

keytool -certreq -keystore keystore. -alias jetty -file certificate.request.txt

4. Send the CSR to your Certificate Authority and save the resulting signed certificate to the folder in which the keystore resides.

5. Add the chain of certificates to the keystore, starting with the root CA certificate, any intermediate CA certificates, and finally the signed certificate returned by the CA:

keytool -import -alias root -keystore keystore -trustcacerts -file CA.cert.txt

keytool -import -alias jetty -keystore keystore -trustcacerts -file certificate.response.cert.txt

6. Update C:\Program Files\Hewlett-Packard\SSMC\etc\jetty-ssl.xml with the passwords used by the new keystore. Passwords can be in plain text or they can be obfuscated using a Java class which is documented at http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords.

7. Restart the HP 3PAR StoreServ Management Console Server service.

8. Import the Certificate Authority’s root certificate into the Trusted Root Certificate Store in the browser and browse to SSMC.

The previous instructions are for SSMC installed on Windows but apply in general to Linux as well.
NOTE: You must repeat this process each time you update SSMC.

 

 

Note: While I work for HP, all of my comments (whether noted or not), are my own and are not any official representation of the company.
----------
If my post was useful, click on my KUDOS! "White Star" !


Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company

Accept or Kudo

Reply
ByteSizedAlex
Occasional Visitor

‎05-06-2015 09:45 AM

‎05-06-2015 09:45 AM

Re: Updating the Certificate for the SSMC 2.0

Ah beat me to it, I just created a post that does things slightly differently with a GUI app instead of the JAVA cli -

 

http://www.bytesizedalex.com/hp-3par-storeserv-management-console-ssmcssl-certificate-replacement/

 

 

Reply
L1nklight
Valued Contributor

‎05-26-2015 05:35 AM

‎05-26-2015 05:35 AM

Re: Updating the Certificate for the SSMC 2.0

Thanks guys. I will work to get this into production. I just grabbed a copy of the ssmc 2.1 to upgrade my 2.0. 

0 Kudos
Reply
feibob
Occasional Contributor

‎04-22-2016 06:03 AM

‎04-22-2016 06:03 AM

Re: Updating the Certificate for the SSMC 2.0

This is the section where i get lost..

 

5. Add the chain of certificates to the keystore, starting with the root CA certificate, any intermediate CA certificates, and finally the signed certificate returned by the CA:

keytool -import -alias root -keystore keystore -trustcacerts -file CA.cert.txt

keytool -import -alias jetty -keystore keystore -trustcacerts -file certificate.response.cert.txt

 

Where is the "CA.cert.txt" this step is refering too? Was i supposed to generate that as well?  IF so, i don't see the steps to do that.  Or am i just missing something?  Totally possible!

thanks!

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.