Administer > Manage Certificates > Using the JKS Repository of Certificates > Working with Certificates in Global Network Management Environments

Working with Certificates in Global Network Management Environments

Configuring Certificates in Global Network Management Environments

During NNMi installation, the installation script creates a self-signed certificate for the NNMi management server. This certificate contains an alias that includes the fully-qualified domain name of the node. The installation script adds this self-signed certificate to the NNMi management server’s nnm.keystore and nnm.truststore files.

Complete the following steps to configure the global network management feature to use self-signed/CA-signed certificates based on the following diagram.

Before you begin, make sure that the required certificates are created on the regional manager systems. For details, see Replacing an Existing Certificate with a New Self-Signed or CA-Signed Certificate.

Global Network Management

  1. Change to the following directory on regional1 and regional2 :

    • Windows:%NnmDataDir%\shared\nnm\certificates
    • Linux: $NnmDataDir/shared/nnm/certificates
  2. Copy the nnm.truststore files from the above locations on regional1 and regional2 to some temporary location on global1.
  3. Run the following command on global1 to merge the regional1 and regional2 certificates into global1’s nnm.truststore file.

    Windows:

    1. nnmcertmerge.ovpl -truststore regional1_nnm.truststore_location
    2. nnmcertmerge.ovpl -truststore regional2_nnm.truststore_location

    Linux

    1. nnmcertmerge.ovpl -truststore regional1_nnm.truststore_location
    2. nnmcertmerge.ovpl -truststore regional2_nnm.truststore_location
  4. Run the following command sequence on global1:

    1. Run ovstop on the global1NNMi management server.
    2. Run ovstart on the global1NNMi management server.

    When making file changes under High Availability (HA), you need to make the changes on both nodes in the cluster. For NNMi using HA configurations, if the change requires you to stop and restart the NNMi management server, you must put the nodes in maintenance mode before running the ovstop and ovstart commands.

Configuring Certificates in Global Network Management Environments with Failover

During NNMi installation the installation script creates a self-signed certificate for the NNMi management server. This certificate contains an alias that includes the fully-qualified domain name of the node. The installation script adds this self-signed certificate to the NNMi management server’s nnm.keystore and nnm.truststore files.

This example uses the global network management configuration with the application failover feature as shown in the following diagram:

Global Network Management with Application Failover

Complete the following steps to configure the global network management feature to work with application failover based on the above diagram.

  1. Follow the instructions shown in Working with Certificates in Application Failover Environments for each application failover cluster shown in the above diagram.
  2. Complete the configuration for application failover shown in Application Failover Requirements.
  3. Follow the instructions shown in Working with Certificates in Global Network Management Environments for regional1_active and regional2_active.