![]() |
< Previous | Next > |
Product: Cluster Server Guides | |
Manual: Cluster Server 4.1 User's Guide |
Managing VRTSweb SSL CertificatesWhen serving content over the secure port, VRTSweb presents a self-signed SSL certificate (issued by VERITAS) to the browser. This section describes how you can manage the certificate. ![]() Viewing SSL Certificate InformationTo view information about the configured SSL certificate, run the following command on the system where VRTSweb is installed: # $VRTSWEB_HOME/bin/webgui cert display Creating a Self-Signed SSL CertificateTo create a custom self-signed SSL certificate for VRTSweb, run the following interactive command on the system where VRTSweb is installed: # $VRTSWEB_HOME/bin/webgui cert create The command guides you through the process of creating a new certificate. Please answer the following questions to create a self-signed SSL certificate. This is required to enable the HTTPS protocol for the web server. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ With what hostname/IP will you access this web server? [thor106]:thor106 What is the name of your organizational unit? [Unknown]:Engineering What is the name of your organization? [Unknown]:Your Company What is the name of your City or Locality? [Unknown]: Mountain View What is the name of your State or Province? [Unknown]:California What is the two-letter country code for this unit? [Unknown]:US Is CN=thor106, OU=Engineering, O=Your Company, L=Mountain View, ST=California, C=US correct? [no]:yes Certificate created successfully ![]() Exporting SSL Certificate to a FileYou can export the public key associated with an SSL certificate to a file. This key can then be imported into other applications that will trust the VRTSweb instance. Run the following command on the system where VRTSweb is installed: # $VRTSWEB_HOME/bin/webgui cert export cert_file [rfc] If the VRTSweb SSL certificate does not exist, the command prompts you to create one. If you specify the RFC option, the key output is encoded in a printable format, defined by the Internet RFC 1421 standard. # /opt/VRTSweb/bin/webgui cert export /myapp/vrtsweb.cer rfc Configuring a CA-Signed SSL CertificateBy default, VRTSweb presents a self-signed SSL certificate every time you access VRTSweb over the SSL port. You can install a certificate signed by a Certificate Authority (CA) like Verisign.com or Thawte.com.
Cloning the VRTSweb SSL CertificateYou can clone the VRTSweb SSL keypair into a keystore and use the cloned VRTSweb certificate for another application or Web server. Visit http://java.sun.com for more information about keystores. # $VRTSWEB_HOME/bin/webgui cert clone keystore storepass alias keypass If a clone keystore exists, the command renames it to keystore.old. If the VRTSweb SSL certificate does not exist, the command prompts you to create one. For example: # /opt/VRTSweb/bin/webgui webgui cert clone /myapp/myserv.keystore mystorepass myalias mykeypass |
^ Return to Top | < Previous | Next > |
Product: Cluster Server Guides | |
Manual: Cluster Server 4.1 User's Guide | |
VERITAS Software Corporation
www.veritas.com |