IBM Hub/Switch - page 185

Chapter 3 System Preparation

HPSS Installation Guide September 2002 185

Release 4.5, Revision 2

Thiscommand will generate a public key and an associated private key for the Data Server

with alias "hpss_ssmds". It will also generate a self-signed certificate for hpss_ssmds

which includes his public key. The key will be valid for 365 days. The keys and certificate

willbe stored in the file "keystore.ds". This is the file the Data Server will read to obtain his

key and certificates when he first begins execution.

Aftertyping this command, you will be prompted for the password for the keystore. It will

password. Ifthe Data Server is started in low security mode, this password must be stored

ondisk, as described in Section 3.8.3.3: Storing the Password to the Data Server's Keystore File

on page 186.

Thisis the only step in this section (3.8.3.2) which is necessary for the proper configuration

of the Data Server. The remaining steps in this section are necessary only for the

configuration of the hpssadm utility.

2. Obtainand record the fingerprint for the Data Server's certificate using the keytool utility:

% $JAVA_HOME/bin/keytool -keystore keystore.ds -list -v

This will list every key in the keystore (which should be just the one for the Data Server)

and its certificate fingerprint, a long number representing the certificate. This fingerprint

which will hold a binary representation of the Data Server's certificate.

certificate to the hpssadm utility's trusted store. You can name it anything you want and

remove it once you are finished with it.

On each machine from which thehpssadm utility will be executed:

1. Transfer the certificate fileds.cer to the hpssadm client machine.

Use the mechanism (ftp, etc.) of your choice. scp is recommended.

is a good idea to save the original trusted store file (cacerts) first:

% cd $JAVA_HOME/lib/security