Configuring SSL connections

If the Nokia NSP server is using a Secure Socket Layer (SSL) connection to encrypt data exchanged over JMS and HTTP, you will need to configure the truststore for the HTTPS connection on the Netcool/OMNIbus probe server.

To configure the truststore, use the following steps:
  1. Obtain the security certificate from the NSP server.
  2. Import the security certificate from the NSP server.
  3. Verify that the security certificate has been imported into the keystore.

Obtaining a certificate file for the truststore

There are two possible approaches:
  1. Obtain the Nokia NSP security certificate from the certificate authority (CA).
  2. Export the security certificate file from an existing keystore file on the NSP server using the following command:

    ./keytool -export -alias alias_name -keystore keystore_file -storepass password -file certificate_file

    Where:

    alias_name is the keystore alias specified during Nokia NSP keystore generation, for example: NSP_ALIAS.

    keystore_file is the path to and name of the Nokia NSP keystore file, for example: /opt/nspserver.keystore.

    password is the Nokia NSP keystore password, for example: the password of nspserver.keystore.

    certificate_file is the path to and name of the certificate file to be created, for example: /opt/nspcert.

Importing a security certificate into a new or an existing truststore on the Netcool/OMNIbus probe server

To import a certificate file into the truststore, use one of the following steps:

  1. For importing the certificate into a new truststore, use the following command:

    ./keytool -import -trustcacerts -alias new_alias_name -file certificate_file -keystore truststore_file -storepass password

    Note: If the alias does not point to an existing key entry in the truststore file, keytool assumes that you are adding a new trusted certificate entry to the truststore file. In this case, the alias should not already exist; otherwise the import fails.
  2. For importing the certificate into an existing truststore, use the following command:

    ./keytool -import -trustcacerts -alias alias_name -file certificate_file -keystore truststore_file -storepass password

    Note: If the alias points to a key entry in the truststore file, keytool assumes that you are importing a certificate reply and replaces the old certificate chain with the new certificate chain in the truststore file.

    Where:

    alias_name is the key entry of the certificate reply. The alias must be the same as that specified during keystore file generation in Nokia NSP server, for example: NSP_ALIAS.

    new_alias_name is the keystore alias of a new keystore, for example: NSP_ALIAS_NEW.

    certificate_file is the path to and name of the certificate file created earlier, for example: /opt/nspcert.

    truststore_file is the path to and name of the truststore file that will contain the imported certificate, for example: /opt/nspserver.truststore.

    password is the Nokia NSP keystore password, for example: the password of nspserver.truststore.

Verifying that the security certificate has been imported into the keystore

To verify that the certificate has been imported into the keystore, use the following command:

./keytool -list -v -keystore truststore_file

Where:

truststore_file is the path to and name of the truststore file generated, for example: /opt/nfmpserver.trustStore.
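
A check that can follow the listing step: compare the SHA-256 fingerprint of the exported certificate file with the fingerprint listed for the alias in the truststore, which confirms that the entry is the certificate obtained from the NSP server. This is an added example, not part of the original documentation; the function names cert_sha256, listing_sha256, verify_import and sample_listing are hypothetical, and it assumes sha256sum and awk are available on the probe server.

```shell
#!/bin/sh
# Added example, not from the product documentation. Assumption: the
# certificate file is binary DER (what -export writes without -rfc), so its
# SHA-256 equals the "SHA256:" fingerprint keytool prints for the entry.

# SHA-256 of the certificate file as uppercase hex without separators.
cert_sha256() {
    sha256sum "$1" | awk '{ print toupper($1) }'
}

# Reads `keytool -list -v` output on stdin and prints the SHA-256 fingerprint
# of the entry whose alias is $1. keytool normally lists aliases in lower
# case, so the comparison ignores case. Prints nothing if the alias is absent.
listing_sha256() {
    awk -v want="$1" '
        /^Alias name:/ {
            sub(/^Alias name:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            hit = (tolower($0) == tolower(want)); next
        }
        hit && /SHA256:/ {
            sub(/^.*SHA256:/, ""); gsub(/[^0-9A-Fa-f]/, "")
            print toupper($0); exit
        }'
}

# Usage: ./keytool -list -v -keystore truststore_file | verify_import certificate_file alias_name
# Succeeds only when the alias exists and its fingerprint matches the file.
verify_import() {
    expected=$(cert_sha256 "$1")
    actual=$(listing_sha256 "$2")
    [ -n "$expected" ] && [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# Constructed listing in keytool's layout for trying the functions offline.
# The nsp_alias fingerprint is the SHA-256 of the three bytes "abc".
sample_listing() {
    cat <<'EOF'
Alias name: other_ca
Entry type: trustedCertEntry
Certificate fingerprints:
         SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF

Alias name: nsp_alias
Entry type: trustedCertEntry
Certificate fingerprints:
         SHA256: BA:78:16:BF:8F:01:CF:EA:41:41:40:DE:5D:AE:22:23:B0:03:61:A3:96:17:7A:9C:B4:10:FF:61:F2:00:15:AD
EOF
}
```

A non-zero exit status from verify_import means the alias is missing or holds a different certificate than the file, so the import should be rechecked before the probe is pointed at the truststore.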

Note: For more details about configuring SSL security for the Nokia NSP server (including instructions about obtaining certificate files) refer to the NSP Installation and Upgrade Guide.