Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- Using Certificates with the PKCS #12 Repository
- Generating a Self-Signed Certificate
- Generating a CA-Signed Certificate
- Delete a Certificate from the NNMi Keystore
- Replacing an Existing Certificate with a new Self-Signed or CA-Signed Certificate
- Working with Certificates in Application Failover Environments
- Working with Certificates in High-Availability Environments
- Working with Certificates in Global Network Management Environments
- Configuring an SSL Connection to the Directory Service
Working with Certificates in Global Network Management Environments
Note NNMi10.30 introduces a Public Key Cryptography Standards (PKCS) #12 repository to store certificates. The new PKCS #12 file-based certificate management technique is available for use as soon as you install a new instance of NNMi10.30 on a system. Environments upgraded from an older version of NNMi continue to use a JKS repository to store certificates.
If you have upgraded to NNMi10.30 and did not complete the steps in Configure an Upgraded NNMi Environment to Use the New Keystore, skip to Configuring Certificates in Global Network Management Environments.
In upgraded environments, you can migrate to the PKCS #12 repository by using the steps in Configure an Upgraded NNMi Environment to Use the New Keystore.
Configuring Certificates in Global Network Management Environments
During NNMi installation, the installation script creates a self-signed certificate for the NNMi management server. This certificate contains an alias that includes the fully-qualified domain name of the node. The installation script adds this self-signed certificate to the NNMi management server’s nnm-key.p12
and nnm-trust.p12
files.
Complete the following steps to configure the global network management feature to use self-signed/CA-signed certificates based on the following diagram.
Before you begin, make sure that the required certificates are created on the regional manager systems. For details, see Replacing an Existing Certificate with a new Self-Signed or CA-Signed Certificate.
If you are using a mix of newly installed NNMi 10.30 instances and NNMi management servers upgraded to the version 10.30 from an older version, follow the guideline in Configure an Upgraded Environment to Use the New Keystore.
-
Change to the following directory on
regional1
andregional2
:- Windows:
%NnmDataDir%\shared\nnm\certificates
- Linux:
$NnmDataDir/shared/nnm/certificates
- Windows:
- Copy the
nnm-trust.p12
files from the above locations onregional1
andregional2
to some temporary location onglobal1
. -
Run the following command on
global1
to merge theregional1
andregional2
certificates intoglobal1
’snnm-trust.p12
file.Windows:
nnmcertmerge.ovpl -truststore regional1_nnm-trust.p12_location
nnmcertmerge.ovpl -truststore regional2_nnm-trust.p12_location
Linux
nnmcertmerge.ovpl -truststore regional1_nnm-trust.p12_location
nnmcertmerge.ovpl -truststore regional2_nnm-trust.p12_location
-
Run the following command sequence on
global1
:- Run
ovstop
on theglobal1
NNMi management server. - Run
ovstart
on theglobal1
NNMi management server.
When making file changes under High Availability (HA), you need to make the changes on both nodes in the cluster. For NNMi using HA configurations, if the change requires you to stop and restart the NNMi management server, you must put the nodes in maintenance mode before running the
ovstop
andovstart
commands. - Run
Configuring Certificates in Global Network Management Environments with Failover
During NNMi installation the installation script creates a self-signed certificate for the NNMi management server. This certificate contains an alias that includes the fully-qualified domain name of the node. The installation script adds this self-signed certificate to the NNMi management server’s nnm-key.p12
and nnm-trust.p12
files.
If you are using a mix of newly installed NNMi 10.30 instances and NNMi management servers upgraded to the version 10.30 from an older version, follow the guideline in Configure an Upgraded Environment to Use the New Keystore.
This example uses the global network management configuration with the application failover feature as shown in the following diagram:
Global Network Management with Application Failover
Complete the following steps to configure the global network management feature to work with application failover based on the above diagram.
- Follow the instructions shown in Working with Certificates in Application Failover Environments for each application failover cluster shown in the above diagram.
- Complete the configuration for application failover shown in Application Failover Requirements.
- Follow the instructions shown in Configuring Certificates in Global Network Management Environments for
regional1_active and regional2_active
.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to network-management-doc-feedback@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: