Configuring SSL connections

If the Alcatel-Lucent 5620 SAM server is using a Secure Socket Layer (SSL) connection to encrypt data exchanged over JMS and HTTP, you will need to configure the truststore for the HTTPS connection on the Netcool/OMNIbus probe server.

Importing a certificate file into the truststore

To import a certificate file into the truststore, use the following steps:

  1. Either obtain the Alcatel EMS security certificate from the certificate authority (CA) or, if you have the appropriate user access, export the Alcatel EMS keystore into a certificate on the Alcatel EMS server. Refer to the note below for details of where to find instructions about obtaining certificate files and how to generate a keystore file.

    To export the Alcatel EMS keystore file from the Alcatel EMS server into a certificate, use the following command:

     
    ./keytool -export -alias alias_name -keystore keystore_file -storepass password -file certificate_file
     
     

    Where:

    alias_name is the keystore alias specified during Alcatel EMS keystore generation, for example: SAM13.

    keystore_file is the path to and name of the Alcatel EMS keystore file, for example: /opt/samserver.keystore.

    password is the Alcatel EMS keystore password, for example: the password of samserver.keystore.

    certificate_file is the path to and name of the certificate file to be created, for example: /opt/samcert.

  2. On the Netcool/OMNIbus probe server, you need to import the Alcatel EMS certificate either into an existing truststore or into a new truststore.

    To import the Alcatel EMS certificate into an existing truststore, you need to point an alias to a key entry as the certificate reply. The alias must be the same as that specified during Alcatel EMS server keystore file generation, for example:

     
    ./keytool -import -trustcacerts -alias alias_name -file certificate_file -keystore truststore_file -storepass password
     
     

    To import the Alcatel EMS certificate into a new truststore, make sure that the alias that you specify does not already exist in your truststore, for example:

     
    ./keytool -import -trustcacerts -alias new_alias_name -file certificate_file -keystore truststore_file -storepass password
     
     

    In the preceding examples:

    alias_name is the keystore alias specified during Alcatel EMS keystore generation, for example: SAM13.

    new_alias_name is the keystore alias of a new keystore, for example: samprobe.

    certificate_file is the path to and name of the certificate file created earlier, for example: /opt/samcert.

    truststore_file is the path to and name of the truststore file that will contain the imported certificate, for example: /opt/samserver.truststore

    password is the Alcatel EMS keystore password, for example: the password of samserver.truststore.

  3. Verify that the certificate has been imported into the keystore using the following command:
     
    ./keytool -list -v -keystore truststore_file
    
     

    Where:

    truststore_file is the path to and name of the truststore file generated, for example: /opt/alusam.trustStore.

Note: For more details about configuring SSL security for the Alcatel-Lucent 5620 SAM server (including instructions about obtaining certificate files), refer to the Alcatel 5620 SAM Installation and Upgrade Guide.
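
The following is an added example, not part of the original documentation: it turns the listing from step 3 into a check that a given alias holds exactly the certificate file that was exported, by comparing SHA-256 fingerprints. The function names are hypothetical, the sample certificate bytes and keytool listing are constructed placeholders, and it assumes a keytool version that prints a SHA256 fingerprint line.

```python
import base64
import hashlib
import re

def cert_fingerprint(data: bytes) -> str:
    """SHA-256 of the DER certificate, formatted the way keytool prints it."""
    pem = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", data, re.S)
    if pem:  # PEM input (keytool -export -rfc): decode the base64 body to DER
        data = base64.b64decode(pem.group(1))
    digest = hashlib.sha256(data).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def truststore_fingerprints(listing: str) -> dict:
    """Map alias -> SHA-256 fingerprint parsed from `keytool -list -v` output."""
    found, alias = {}, None
    for line in listing.splitlines():
        line = line.strip()
        if line.startswith("Alias name:"):
            alias = line.split(":", 1)[1].strip().lower()  # compare aliases case-insensitively
        elif line.startswith("SHA256:") and alias is not None:
            # keep the first certificate listed under each alias
            found.setdefault(alias, line.split(":", 1)[1].strip().upper())
    return found

def check_import(cert_bytes: bytes, listing: str, alias: str) -> bool:
    """True only if the alias exists and holds exactly this certificate."""
    return truststore_fingerprints(listing).get(alias.lower()) == cert_fingerprint(cert_bytes)

# Constructed sample data: placeholder bytes, not a real certificate or real keytool output.
SAMPLE_DER = b"0\x82\x01\x0aconstructed placeholder certificate bytes"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
OTHER_FP = ":".join(["00"] * 32)
SAMPLE_LISTING = f"""Alias name: sam13
Entry type: trustedCertEntry
Certificate fingerprints:
\t SHA256: {cert_fingerprint(SAMPLE_DER)}

Alias name: samprobe
Entry type: trustedCertEntry
Certificate fingerprints:
\t SHA256: {OTHER_FP}
"""

if __name__ == "__main__":
    for name in ("SAM13", "samprobe", "missing"):
        print(name, check_import(SAMPLE_PEM, SAMPLE_LISTING, name))
```

Comparing the same fingerprint with the value reported on the Alcatel EMS server, before running the import, confirms that the file was not altered in transit.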

Configuring the probe

To configure the probe to connect to the Alcatel-Lucent 5620 SAM server using an SSL connection, use the following steps:

  1. Set the probe's UseSSL property to true and configure the probe's HTTPPort property to use the default Alcatel EMS HTTPS port, 8443.
  2. Specify values for the following probe properties:
    • TrustStore: Specify the path of the probe's Java keystore that you created in the steps for importing the certificate into the truststore, for example: /opt/alusam.trustStore.
    • TrustStorePassword: Specify the password that you set for the Java keystore.
    • CertificateStore: Specify the path of the certificate keystore. This will be the same value as that set for the TrustStore property unless you manage them in different keystore files.
    • CertificateStorePassword: Specify the password set for the certificate keystore.

You can set both the TrustStore property and the CertificateStore property to the same keystore file where the license file is imported, or you can specify different keystore files.

Example SSL configuration property settings

The following example shows SSL configuration settings from the properties file of an example Probe for Alcatel-Lucent 5620 SAM v13:

Host                     : "198.162.20.21"
HTTPPort                 : 8443
UseSSL                   : "true"
TrustStore               : "/opt/alusam.trustStore"
TrustStorePassword       : "newpassword"
CertificateStore         : "/opt/alusam.trustStore"
CertificateStorePassword : "newpassword"