Use > Virtualization management > Virtualization service tasks > Virtualization security > Edit Secure Mode and importing the CA certificate

Edit Secure mode and import the CA certificate

FIPS-enabled OpenStack can be used only in a properly secured SA environment. For more information, see SA FIPS 140-2 Compliance Statement in the SA Get started section.
  1. Select the Administration tab in the SA Client.
  2. Select System Configuration in the navigation pane.
  3. In the list of SA components, select Server Automation Web Services Data Access Engine. This displays the system configuration parameters for this component.

  4. Locate the Secure Mode flag, which is called twist.v12n.ssl.secure, and change the Value to True or False.

  5. Import your root CA Certificate onto each core and slice: /opt/opsware/twist/importV12nCert.sh ~/<srcCertFile> <type> <certAlias>, where:

    • <type> is either vmware or openstack.

    • <certAlias> is a unique alias name you provide to identify the CA Certificate.

      For example: /opt/opsware/twist/importV12nCert.sh ~/tmp/rui.crt vmware vcenter_cert

      The import function automatically imports your CA Certificate to both the FIPS NSS store and the Virtualization non-FIPS store.

  6. Restart the Web Services Data Access Engine (Twist) on all servers on the core where the certificate was imported: /etc/init.d/opsware-sas restart twist