NOTE:

After deleting pccCert.pem or httpCert.pem in /opt/keys, be sure to log off or close the PCC UI. If you don’t and refresh, the PCC UI will re-create these files. (The SSL Configuration page will also not allow new CSRs be created.)

Installing and generating a certificate on the PCC portal

Follow these steps to generate and install a certificate for the RISS PCC portal.

1.Create a certificate signing request (CSR) for the PCC:

a.Log in to the PCC Web interface and go Configuration > SSL Configuration.

b.Complete the CSR generation form.

c.Log out of the PCC Web interface.

This generates two files on the PCC:

/opt/keys/pccCert.pem (the certificate request)

/opt/keys/pcckey.pem (the RSA private key)

2.Manually copy the certificate request file to your local machine:

scp root@[external ip address of PCC]:/opt/keys/pccCert.pem

3.Send the certificate request to a certificate authority (CA) such as VeriSign for signing. Follow the instructions provided by your CA.

4.Import the certificate you receive from the CA into the RISS PCC:

a.Store the certificate from the CA on your local machine (for example, as pccCertSigned.pem).

b.Copy the certificate to the PCC:

scp pccCertSigned.pem root@[external ip address of PCC]:/opt/keys/ pccCertSigned.pem

5.Import the certificate into the PCC’s Apache server:

usr/local/bin/ssl_cert_update.pl -pcc -cert /opt/keys/pccCertSigned.pem -key /opt/keys/pcckey.pem

6.Restart the PCC’s Apache server by issuing the following command:

/etc/init.d/httpd restart

Installing and generating a certificate on the HTTP portals

Follow these steps to install a certificate on the RISS HTTP portals.

1.Create a certificate signing request (CSR) for the HTTP portals:

a.Log in to the PCC Web interface and go Configuration > SSL Configuration.

b.Complete the CSR generation form.

c.Log out of the PCC Web interface.

This generates two files on the PCC:

/opt/keys/httpCert.pm (the certificate request)

/opt/keys/httpkey.pem (the RSA private key)

2.Manually copy the certificate request file to your local machine:

scp root@[external ip address of PCC]:/opt/keys/httpCert.pm

40 Configuration

Page 40
Image 40
HP RISS Components manual Installing and generating a certificate on the PCC portal