Configuring Certificates in Global Network Management Environments

During NNMi installation, the installation script creates a self-signed certificate for the NNMi management server. This certificate contains an alias that includes the fully-qualified domain name of the node. The installation script adds this self-signed certificate to the NNMi management server’s nnm-key.p12 and nnm-trust.p12 files.

Complete the following steps to configure the global network management feature to use self-signed/CA-signed certificates based on the following diagram.

Before you begin, make sure that the required certificates are created on the regional manager systems. For details, see Replacing an Existing Certificate with a new Self-Signed or CA-Signed Certificate.

If you are using a mix of newly installed NNMi 10.30 instances and NNMi management servers upgraded to the version 10.30 from an older version, follow the guideline in Configure an Upgraded Environment to Use the New Keystore.

Global Network Management

  1. Change to the following directory on regional1 and regional2 :

    • Windows:%NnmDataDir%\shared\nnm\certificates
    • Linux: $NnmDataDir/shared/nnm/certificates
  2. Copy the nnm-trust.p12 files from the above locations on regional1 and regional2 to some temporary location on global1.
  3. Run the following command on global1 to merge the regional1 and regional2 certificates into global1’s nnm-trust.p12 file.

    Windows:

    1. nnmcertmerge.ovpl -truststore regional1_nnm-trust.p12_location
    2. nnmcertmerge.ovpl -truststore regional2_nnm-trust.p12_location

    Linux

    1. nnmcertmerge.ovpl -truststore regional1_nnm-trust.p12_location
    2. nnmcertmerge.ovpl -truststore regional2_nnm-trust.p12_location
  4. Run the following command sequence on global1:

    1. Run ovstop on the global1 NNMi management server.
    2. Run ovstart on the global1 NNMi management server.

    When making file changes under High Availability (HA), you need to make the changes on both nodes in the cluster. For NNMi using HA configurations, if the change requires you to stop and restart the NNMi management server, you must put the nodes in maintenance mode before running the ovstop and ovstart commands.