Working with Certificates in Application Failover Environments

Using Certificates with Application Failover

When configuring the application failover feature, you must merge the content of the nnm.keystore and nnm.truststore files for both nodes into one nnm.keystore file and one nnm.truststore file.

Complete the following steps to configure the application failover feature to use self-signed or CA-signed certificates.

Caution: If you are using self-signed certificates with NNMi along with the application failover feature and do not complete the following steps, NNMi processes will not start correctly on the standby NNMi management server (Server Y in this example).

  1. Change to the following directory on Server Y:

    • Windows: %NnmDataDir%\shared\nnm\certificates
    • Linux: $NnmDataDir/shared/nnm/certificates
  2. Copy the nnm.keystore and nnm.truststore files from Server Y to some temporary location on Server X. The remaining steps refer to these file locations as <keystore> and <truststore>.
  3. Run the following command on Server X to merge Server Y’s certificates into Server X’s nnm.keystore and nnm.truststore files.

    Windows:

    nnmcertmerge.ovpl -keystore <keystore> -truststore <truststore> 

    Linux:

    nnmcertmerge.ovpl -keystore <keystore> -truststore <truststore>
  4. Copy the merged nnm.keystore and nnm.truststore files from Server X to Server Y, so that both nodes have the merged files. The location of these files is as follows:

    • Windows: %NnmDataDir%\shared\nnm\certificates
    • Linux: $NnmDataDir/shared/nnm/certificates
  5. Run the following command on both Server X and Server Y. Verify that the displayed results from both servers, including the fully qualified domain names, match. If they do not match, do not continue; instead, redo 1 through 1.

    Windows:

    %jdkdir%\bin\keytool.exe -list -keystore %NnmDataDir%\shared\nnm\certificates\nnm.keystore -storepass nnmkeypass

    Linux:

    $jdkdir/bin/keytool -list -keystore $NnmDataDir/shared/nnm/certificates/nnm.keystore -storepass nnmkeypass
  6. Run the following command on both Server X and Server Y. Verify that the displayed results from both servers, including the fully qualified domain names, match. If they do not match, do not continue; instead, redo 1 through 1.

    Windows:

    %jdkdir%\bin\keytool.exe -list -keystore %NnmDataDir%\shared\nnm\certificates\nnm.truststore -storepass ovpass

    Linux:

    $jdkdir/bin/keytool -list -keystore $NnmDataDir/shared/nnm/certificates/nnm.truststore -storepass ovpass
  7. Continue configuring the application failover feature at Application Failover.
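
The comparison in steps 5 and 6, scripted as an added example (not part of the NNMi documentation or tooling): it reduces each saved keytool -list output to alias, entry type and fingerprint, then reports entries present on only one server. The function names and sample listings are constructed for illustration, and the parser assumes keytool's default listing layout.

```shell
#!/bin/sh
# Added example: compare saved `keytool -list` output from Server X and Server Y.
# Assumes entry lines "alias, date, <Type>Entry," each followed by a
# "Certificate fingerprint (...)" line. Function names are hypothetical.

# Reduce a listing on stdin to sorted "alias|entry type|fingerprint" records.
normalize_listing() {
    awk '
        { sub(/[ \t\r]+$/, "") }                      # trailing blanks and CR
        /Entry,$/ {
            alias = $0; sub(/,.*/, "", alias)         # text before first comma
            type = $0; sub(/,$/, "", type)            # drop trailing comma
            sub(/.*,[ \t]*/, "", type)                # keep the last field
        }
        /^Certificate fingerprint/ && alias != "" {
            fp = $0; sub(/^[^:]*:[ \t]*/, "", fp)     # strip the label
            print alias "|" type "|" fp
            alias = ""
        }' | LC_ALL=C sort
}

# Return 0 if both listing files hold the same entries; otherwise print the
# records found on only one server and return 1.
compare_listings() {
    cmp_dir=$(mktemp -d) || return 2
    normalize_listing < "$1" > "$cmp_dir/x"
    normalize_listing < "$2" > "$cmp_dir/y"
    cmp_diff=$(LC_ALL=C comm -3 "$cmp_dir/x" "$cmp_dir/y")
    rm -rf "$cmp_dir"
    if [ -z "$cmp_diff" ]; then return 0; fi
    printf 'Mismatch (left: Server X only, indented: Server Y only):\n%s\n' "$cmp_diff"
    return 1
}

# Constructed sample listings (shortened fingerprints, not real server output).
sample_x() { printf '%s\n' 'Your keystore contains 2 entries' '' \
    'serverx.example.com.selfsigned, Mar 3, 2020, PrivateKeyEntry, ' \
    'Certificate fingerprint (SHA-256): 11:22:33:44' \
    'servery.example.com.selfsigned, Mar 4, 2020, PrivateKeyEntry, ' \
    'Certificate fingerprint (SHA-256): AA:BB:CC:DD'; }
# Server Y still holding its own unmerged keystore (merged files not copied).
sample_y_stale() { printf '%s\n' 'Your keystore contains 1 entry' '' \
    'servery.example.com.selfsigned, Mar 4, 2020, PrivateKeyEntry, ' \
    'Certificate fingerprint (SHA-256): AA:BB:CC:DD'; }

demo_dir=$(mktemp -d)
sample_x > "$demo_dir/x"; sample_y_stale > "$demo_dir/y"
if compare_listings "$demo_dir/x" "$demo_dir/y"; then echo "listings match"
else echo "listings differ: do not continue"; fi
rm -rf "$demo_dir"
```

To use it on real data, redirect the keytool -list output from steps 5 and 6 to a file on each server and pass the two files to compare_listings.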