Sun Cluster 3.1 System Administration Guide

How to Configure a New Security Certificate

You can generate your own security certificate to enable secure administration of your cluster, and then configure SunPlex Manager to use that certificate instead of the one generated by default. This procedure is an example of how to configure SunPlex Manager to use a security certificate generated by a particular security package. The actual tasks you must complete depend on the security package you use.


Note –

You must generate an unencrypted certificate to allow the server to start on its own during boot up. Once you have generated a new certificate for each node of your cluster, configure SunPlex Manager to use those certificates. Each node must have its own security certificate.


  1. Copy the appropriate certificate to the node.

  2. Open the /opt/SUNWscvw/conf/httpd.conf configuration file for editing.

  3. Edit the following entry to enable SunPlex Manager to use the new certificate.


    SSLCertificateFile <path to certificate file>
    

  4. If the server private key is not combined with the certificate, edit the SSLCertificateKeyFile entry.


    SSLCertificateKeyFile <path to server key>
    

  5. Save the file and exit the editor.

  6. Restart SunPlex Manager.


    # /opt/SUNWscvw/bin/apachectl restart
    

  7. Repeat this procedure for each node in the cluster.

Example—Configuring SunPlex Manager to Use a New Security Certificate

The following example shows how to edit the SunPlex Manager configuration file to use a new security certificate.


[Copy the appropriate security certificates to each node.]
[Edit the configuration file.]
# vi /opt/SUNWscvw/conf/httpd.conf
[Edit the appropriate entries.]
SSLCertificateFile /opt/SUNWscvw/conf/ssl/phys-schost-1.crt
SSLCertificateKeyFile /opt/SUNWscvw/conf/ssl/phys-schost-1.key
[Save the file and exit the editor.]
[Restart SunPlex Manager.]
# /opt/SUNWscvw/bin/apachectl restart