Cisco Bug: CSCus51343 - DOC - DCNM 7.1 configuration guide is not correct for enabling SSL

Last Modified

Mar 17, 2015

Products (1)

  • Cisco Data Center Network Manager

Known Affected Releases

7.1(1)

Description (partial)

Symptom:
To enable SSL/HTTPS access on DCNM 7.1, follow these steps instead of the ones in the configuration guide.

For a new installation:
From a command prompt, navigate to <DCNM install root>/dcm/java/jre1.7/bin/

[Step-1:] Generate the public-private key pair in DCNM keystore.

keytool -genkeypair -alias <alias-name> -keyalg RSA  -keystore "<DCNM install root>\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3

For example:
keytool -genkeypair -alias mykey -keyalg RSA  -keystore "D:\Cisco Systems\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3


[Step-2:] Generate the certificate signing request (CSR) from the public key generated in step-1

keytool -certreq -alias <alias-name-from-Step-1> -file <csr-file-name> -keystore "<DCNM install root>\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3

For example:
keytool -certreq -alias mykey -file certreq.pem -keystore "D:\Cisco Systems\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3

[Step-3:] Submit the CSR to a certificate signing authority to digitally sign it, and download the signed certificate along with the root and intermediate (if applicable) certificates.

[Step-4:] Import the intermediate certificate first, then the root certificate, and then the signed certificate, using the commands below:

keytool -importcert -alias <unique-alias-name> -file <intermediate cert file location> -keystore "<DCNM install root>\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3
keytool -importcert -alias <unique-alias-name> -file <root cert file location> -keystore "<DCNM install root>\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3
keytool -importcert -alias  <alias-name-from-Step-1> -file <CA signed cert file location> -keystore "<DCNM install root>\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3


For example:

keytool -importcert -alias inter -file inter.pem -keystore "D:\Cisco Systems\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3

keytool -importcert -alias root -file root.pem -keystore "D:\Cisco Systems\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3

keytool -importcert -alias mykey -file mykey.pem -keystore "D:\Cisco Systems\dcm\jboss-as-7.2.0.Final\standalone\configuration\fmserver.jks" -storepass fmserver_1_2_3


[Step-5:] Stop the DCNM services.

[Step-6:] Open the files:

     <Install root>/dcm/jboss-as-7.2.0.Final/standalone/configuration/standalone-san.xml
     <Install root>/dcm/jboss-as-7.2.0.Final/standalone/configuration/standalone-lan.xml

In each file, search for key-alias="sme" and replace it with key-alias="<key-alias in STEP-1 above>"

[Step-7:] Restart the DCNM services.
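
The key-alias replacement in standalone-san.xml and standalone-lan.xml can be scripted so that both files are checked before either is changed and a backup copy is kept. This is an added example, not Cisco's code; the function names, the alias character check and the sample `<ssl>` line are assumptions constructed for illustration, and it should be run only while the DCNM services are stopped.

```python
import re
import shutil
import tempfile
from pathlib import Path

# File names from the step above; the directory is passed in by the caller.
CONFIG_FILES = ("standalone-san.xml", "standalone-lan.xml")
# Conservative alias check (an assumption of this example) so the value
# cannot break out of the XML attribute.
ALIAS_RE = re.compile(r"[A-Za-z0-9_.-]+")


def set_key_alias(config_dir, new_alias, old_alias="sme"):
    """Replace key-alias="<old_alias>" in both files; return {name: count}."""
    if not ALIAS_RE.fullmatch(new_alias):
        raise ValueError(f"unsafe alias: {new_alias!r}")
    old, new = f'key-alias="{old_alias}"', f'key-alias="{new_alias}"'
    paths = [Path(config_dir) / name for name in CONFIG_FILES]
    texts = {p: p.read_text(encoding="utf-8") for p in paths}
    # Check every file before writing any, so a failure leaves both untouched.
    for p, text in texts.items():
        if old not in text:
            raise LookupError(f"{old} not found in {p.name}")
    counts = {}
    for p, text in texts.items():
        shutil.copy2(p, p.with_name(p.name + ".bak"))  # keep a rollback copy
        p.write_text(text.replace(old, new), encoding="utf-8")
        counts[p.name] = text.count(old)
    return counts


def demo():
    """Run against constructed sample files, not real DCNM configuration."""
    sample = '<ssl name="ssl" key-alias="sme" certificate-key-file="fmserver.jks"/>\n'
    with tempfile.TemporaryDirectory() as d:
        for name in CONFIG_FILES:
            (Path(d) / name).write_text(sample, encoding="utf-8")
        counts = set_key_alias(d, "mykey")
        after = (Path(d) / CONFIG_FILES[0]).read_text(encoding="utf-8")
        backup = (Path(d) / (CONFIG_FILES[1] + ".bak")).read_text(encoding="utf-8")
    return counts, after, backup


if __name__ == "__main__":
    print(demo())
```

A LookupError means the default key-alias="sme" was not found, for example because the file was already edited; in that case neither file is modified.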

If changing to HTTPS from HTTP after installation, follow these steps first:
1. Check the /root/packaged_files/properties/installer.properties file and set the following parameters:
      USE_HTTPS=TRUE
      DCNM_SAN_WEB_PORT=443
      DCNM_WEB_PORT=8443
2. If correct, stop DCNM.
3. Run the installer from /root/packaged_files/installer/dcnm-installer.ova-x64*bin as:
<installer_bin> -i silent -f /root/packaged_files/properties/installer.properties -DSET=TRUE
4. Start DCNM.
5. Follow the steps above for a new installation to create and install the certificate.

It will take care of the database as well as server.properties in web.

Conditions:
Relevant for the configuration guide of DCNM 7.1