Configuring High-Availability Using New Certificates

This section creates a new self-signed or CA certificate, referred to as newcert. Complete the following steps to configure HA with this new CA or self-signed certificate.

Note When making file changes under High Availability (HA), you must make the changes on both nodes in the cluster. If the change requires you to stop and restart the NNMi management server, you must put the nodes in maintenance mode before running the ovstop and ovstart commands. See Maintenance Mode for more information.

Tip You can complete this procedure before or after configuring NNMi for HA, as described in Shared NNMi Data in High Availability Environments.

  1. Change to the following directory on NNMi_HA1 before completing step 2:

    • Windows:%NnmDataDir%\shared\nnm\certificates
    • Linux: $NnmDataDir/shared/nnm/certificates
  2. On NNMi_HA1, run the following commands to import newcert into the nnm.keystore file:

    • Windows: %jdkdir%\bin\keytool -import -alias newcert_Alias -keystore nnm.keystore -file newcert
    • Linux: $jdkdir/bin/keytool -import -alias newcert_Alias -keystore nnm.keystore -file newcert
  3. Edit the following file on both the active (NNMi_HA1) and the standby (NNMi_HA2) nodes:

    • Windows: %NnmDataDir%\conf\nnm\props\nms-local.properties
    • Linux: $NnmDataDir/conf/nnm/props/nms-local.properties
  4. Change the following line in the nms-local.properties file on both NNMi_HA1 and NNMi_HA2.

    com.hp.ov.nms.ssl.KEY_ALIAS = newcert_Alias
  5. Save your changes.