Before beginning this procedure, you must have created self-signed certificates (see Creating a Self-signed Certificate).
This procedure imports certificates from multiple MPE and MRA clusters and enables a secure connection. You would use this procedure, in place of the procedures Exporting a Local Certificate to a Policy Management Server and Importing a Peer Certificate, to save time when exchanging certificates in a large Policy Management network.
You cannot use this procedure for connections between a Network Configuration Management Platform (NW-CMP) system and a System Configuration Management Platform (S-CMP) system.
From the primary site active CMP or S-CMP server:
This example shows a successful execution of qpRunInTopo.py. The certificate file mpe-a.cer is imported from the MPE server mpe01 to the active CMP server at IP address nn.nn.nn.nn.
# /opt/camiant/bin/qpRunInTopo.py --cmd="sslKeyUtil --exportToCmp --target=nn.nn.nn.nn" --pool-size=1 --prod=mpe,mra --ha-role=Active --show
Command will be run on following servers:
["mpe01"]
Continue? [yes|no]: yes
[ { 'errput': 'FIPS integrity verification test failed.\r\nCertificate stored in file </tmp/mpe01_mpe-a.cer>\n',
    'id': 'admusr@mpe01: sslKeyUtil --exportToCmp --target=nn.nn.nn.nn',
    'output': 'Export to cmp\n\Going to export key mpe-a\n\Importing to cacerts.jks in target nn.nn.nn.nn\nSSHRun returns 0\n',
    'ret_code': 0}]
=======================================
Suceeded.
#
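When the command covers many servers, each entry in the result list needs checking, because text can appear in errput even when ret_code is 0, as in the output above. The following Python script is an added example, not part of the product or of the original procedure; it parses captured command output and reports per-server status. The second server in the sample, its error text, and the rule that the "Importing to cacerts.jks" line indicates a completed import are assumptions.

```python
import ast
import re

# Constructed sample modelled on the output shown above. The second server
# (mpe02) and its error text are invented to show a failing entry.
SAMPLE = r"""
Command will be run on following servers:
["mpe01", "mpe02"]
Continue? [yes|no]: yes
[ { 'errput': 'FIPS integrity verification test failed.\r\nCertificate stored in file </tmp/mpe01_mpe-a.cer>\n',
    'id': 'admusr@mpe01: sslKeyUtil --exportToCmp --target=nn.nn.nn.nn',
    'output': 'Export to cmp\n\Going to export key mpe-a\n\Importing to cacerts.jks in target nn.nn.nn.nn\nSSHRun returns 0\n',
    'ret_code': 0},
  { 'errput': 'connection refused\n',
    'id': 'admusr@mpe02: sslKeyUtil --exportToCmp --target=nn.nn.nn.nn',
    'output': 'Export to cmp\n',
    'ret_code': 1}]
"""

def _unescape(m):
    # Keep valid escapes; drop the stray backslash in sequences like "\G".
    return m.group(0) if m.group(1) in "nrt'\"\\" else m.group(1)

def check_results(text):
    """Return one dict per server: host, ok flag, and stderr lines to review."""
    found = re.search(r"\[\s*\{.*\}\s*\]", text, re.DOTALL)
    if not found:
        raise ValueError("no per-server result list in output")
    results = ast.literal_eval(re.sub(r"\\(.)", _unescape, found.group(0)))
    report = []
    for r in results:
        host = r["id"].split(":", 1)[0].split("@")[-1]
        # Assumption: this output line is the evidence that the import ran.
        imported = "Importing to cacerts.jks" in r["output"]
        notes = [ln.strip() for ln in r["errput"].splitlines()
                 if ln.strip() and not ln.startswith("Certificate stored in file")]
        report.append({"host": host,
                       "ok": r["ret_code"] == 0 and imported,
                       "notes": notes})
    return report

if __name__ == "__main__":
    for row in check_results(SAMPLE):
        status = "OK  " if row["ok"] else "FAIL"
        print(status, row["host"], "; ".join(row["notes"]))
```

Any server reported as FAIL, or listed with review notes, should be examined before Secure Connections is enabled for its cluster.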
Once certificates are exchanged, to enable an HTTPS connection, log on to the active CMP server, select the Policy Management cluster, and select the Secure Connections check box, located on the Policy Server tab. See the appropriate CMP User's Guide for more information.