OPERATIONAL DEFECT DATABASE
...
...
To enable SSL/HTTPS access on DCNM 7.1, follow these steps instead of the configuration guide. If new installation: From command prompt, navigate to /dcm/java/jre1.7/bin/ [Step-1:] Generate the public-private key pair in DCNM keystore. keytool -genkeypair -alias -keyalg RSA -keystore "\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3 For e.g. keytool -genkeypair -alias mykey -keyalg RSA -keystore "D:\Cisco Systems\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3 [Step-2:] Generate the certificate signing request (CSR) from the public key generated in step-1 keytool -certreq -alias -file -keystore "\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3 For e.g. keytool -certreq -alias mykey -file certreq.pem -keystore "D:\Cisco Systems\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3 [Step-3:] Submit the CSR to certificate signing authority to digitally sign it and download the certificate along with the root,intermediate ( if applicable) [Step-4:] Import the intermediate certificate first --> then the root certificate --> and then the signedcert by following the steps below: keytool -importcert -alias -file -keystore "\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3 keytool -importcert -alias -file -keystore "\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3 keytool -importcert -alias -file -keystore "\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3 For e.g. keytool -importcert -alias inter -file inter.pem -keystore "D:\Cisco Systems\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3 keytool -importcert -alias root -file root.pem -keystore "D:\Cisco Systems\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3 keytool -importcert -alias mykey -file mykey.pem -keystore "D:\Cisco Systems\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3 [Step-5:] Stop the DCNM services. [Step-6:] Open the files : /dcm/JBoss- 7.2.0.Final/standalone/configuration/standalone-san.xml /dcm/JBoss- 7.2.0.Final/standalone/configuration/ standalone-lan.xml Search for key-alias="sme" and replace with key-alias="" [Step-6:] Restart the DCNM services If changing to HTTPS from HTTP after installation, follow these steps first: 1. Check /root/packaged_files/properties/installer.properties file and set the above parameters: USE_HTTPS=TRUE DCNM_SAN_WEB_PORT=443 DCNM_WEB_PORT=8443 2. If correct, stop DCNM 3. run installer from /root/packaged_files/installer/dcnm-installer.ova-x64*bin as: -i silent -f /root/packaged_files/properties/installer.properties -DSET=TRUE 4. start DCNM 5. Do the steps from above which are needed for new installation to create and install the certificate It will take care of database as well as server.properties in web.
Relevant for the configuration guide of DCNM 7.1
Not Applicable -- This is a documentation bug.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
