Configuring SSL connections
If the Alcatel-Lucent 5620 SAM server is using a Secure Socket Layer (SSL) connection to encrypt data exchanged over JMS and HTTP, you will need to configure the truststore for the HTTPS connection on the Netcool/OMNIbus probe server.
Importing a certificate file into the truststore
To import a certificate file into the truststore, use the following steps:
- Either obtain the Alcatel EMS security certificate from the certificate authority (CA) or, if you have the appropriate user access, export the Alcatel EMS keystore into a certificate on the Alcatel EMS server. Refer to the note below for details of where to find instructions about obtaining certificate files and how to generate a keystore file.
To export the Alcatel EMS keystore file from the Alcatel EMS server into a certificate, use the following command:
./keytool -export -alias alias_name -keystore keystore_file -storepass password -file certificate_file
Where:
alias_name
is the keystore alias specified during Alcatel EMS keystore generation, for example: SAM13.
keystore_file
is the path to and name of the Alcatel EMS keystore file, for example: /opt/samserver.keystore.
password
is the Alcatel EMS keystore password, for example: the password of samserver.keystore.
certificate_file
is the path to and name of the certificate file to be created, for example: /opt/samcert.
- On the Netcool/OMNIbus probe server, you need to import the Alcatel EMS certificate either into an existing truststore or into a new truststore.
To import the Alcatel EMS certificate into an existing truststore, you need to point an alias to a key entry as the certificate reply. The alias must be the same as that specified during Alcatel EMS server keystore file generation, for example:
./keytool -import -trustcacerts -alias alias_name -file certificate_file -keystore truststore_file -storepass password
To import the Alcatel EMS certificate into a new truststore, make sure that the alias that you specify does not already exist in your truststore, for example:
./keytool -import -trustcacerts -alias new_alias_name -file certificate_file -keystore truststore_file -storepass password
In the preceding examples:
alias_name
is the keystore alias specified during Alcatel EMS keystore generation, for example: SAM13.
new_alias_name
is the keystore alias of a new keystore, for example: samprobe.
certificate_file
is the path to and name of the certificate file created earlier, for example: /opt/samcert.
truststore_file
is the path to and name of the truststore file that will contain the imported certificate, for example: /opt/samserver.truststore.
password
is the Alcatel EMS keystore password, for example: the password of samserver.truststore.
- Verify that the certificate has been imported into the keystore using the following command:
./keytool -list -v -keystore truststore_file
Where:
truststore_file
is the path to and name of the truststore file generated, for example: /opt/alusam.trustStore.
Configuring the probe
To configure the probe to connect to the Alcatel-Lucent 5620 SAM server using an SSL connection, use the following steps:
- Set the probe's UseSSL property to true and configure the probe's HTTPPort property to use the default Alcatel EMS HTTPS port, 8443.
- Specify values for the following probe properties:
  - TrustStore: Specify the path of the probe's Java keystore that you created in the steps for importing the certificate into the truststore, for example: /opt/alusam.trustStore.
  - TrustStorePassword: Specify the password that you set for the Java keystore.
  - CertificateStore: Specify the path of the certificate keystore. This will be the same value as that set for the TrustStore property unless you manage them in different keystore files.
  - CertificateStorePassword: Specify the password set for the certificate keystore.
You can set both the TrustStore property and the CertificateStore property to the same keystore file where the license file is imported, or you can specify different keystore files.
Example SSL configuration property settings
The following example shows SSL configuration settings from the properties file of an example Probe for Alcatel-Lucent 5620 SAM v13:
Host : "198.162.20.21"
HTTPPort : 8443
UseSSL : "true"
TrustStore : "/opt/alusam.trustStore"
TrustStorePassword : "newpassword"
CertificateStore : "/opt/alusam.trustStore"
CertificateStorePassword : "newpassword"
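
The SSL properties described above can be checked for consistency before the probe is started. The following Python script is an added example, not part of the probe or its documentation: it parses a properties file in the Name : value form shown above and reports SSL settings that contradict each other or the steps on this page. The function names, the individual checks and the sample text (constructed from the example above, with two deliberate mistakes) are assumptions of this example.

```python
import os
import stat

# Property names come from this page; the checks are this example's assumptions.
REQUIRED = ("TrustStore", "TrustStorePassword", "CertificateStore", "CertificateStorePassword")

def parse_props(text):
    """Parse 'Name : value' lines; skip blank lines and # comments; strip quotes."""
    props = {}
    for raw in text.splitlines():
        name, sep, value = raw.partition(":")
        if not sep or raw.lstrip().startswith("#"):
            continue
        props[name.strip()] = value.strip().strip('"')
    return props

def lint_ssl(props, path=None):
    """Return a list of findings for the SSL settings; an empty list means consistent."""
    findings = []
    if props.get("UseSSL", "").lower() != "true":
        findings.append("UseSSL is not true: the connection to the EMS is not encrypted")
    if props.get("HTTPPort") != "8443":
        findings.append("HTTPPort is not 8443: confirm it is the EMS HTTPS port")
    for name in REQUIRED:
        if not props.get(name):
            findings.append(f"{name} is missing or empty")
    same_store = props.get("TrustStore") and props.get("TrustStore") == props.get("CertificateStore")
    if same_store and props.get("TrustStorePassword") != props.get("CertificateStorePassword"):
        findings.append("TrustStore and CertificateStore are the same file but passwords differ")
    # The passwords are stored in this file as cleartext, so only the owner should have access.
    if path and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append(f"{path} has group or other permission bits set")
    return findings

# Constructed sample: the page's example with a wrong port and mismatched passwords.
SAMPLE = '''\
Host : "198.162.20.21"
HTTPPort : 8080
UseSSL : "true"
TrustStore : "/opt/alusam.trustStore"
TrustStorePassword : "newpassword"
CertificateStore : "/opt/alusam.trustStore"
CertificateStorePassword : "otherpassword"
'''

if __name__ == "__main__":
    for finding in lint_ssl(parse_props(SAMPLE)):
        print("WARN:", finding)
```

Pass the path of the real properties file as the second argument to lint_ssl to include the file permission check.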