No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V100R001C01 Security Maintenance 08

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Replacement Suggestions of Encryption Certificate and Private Key Used for Communication Between SystemReporter and WushanFS

Replacement Suggestions of Encryption Certificate and Private Key Used for Communication Between SystemReporter and WushanFS

The replacement of the encryption certificate and private key can ensure the secure system operating. The encryption certificate and private key on each node must be replaced according to the procedure listed in this section.

To ensure device security, you are advised to replace and update the encryption certificate and private key used for cluster management process communication between SystemReporter and WushanFS periodically.

You need to perform the following operations on each node to replace the encryption certificate and private key. The back-end IP address 10.99.1.2 of a non-primary node is used as an example in this section.

  1. Back up the original certificate of each node.

    1. Use PuTTY to connect the node to the management IP address and enter ssh 10.99.1.2 to go to the node.
    2. Run the following commands to back up the certificate and private key.

      cd /opt/huawei/snas/etc

      cp sslcert.pem sslcert.pem_bak

      cp sslkey.pem sslkey.pem_bak

  2. Upload the certificate and private to the cluster.

    Use Filezilla to upload the certificate and private key to the /opt/huawei/snas/etc directory of the node where the management IP address resides.

    The file name must be sslcert.pem sslkey.pem in Privacy Enhanced Mail (pem) format. Set a password for sslkey.pem.

    NOTE:
    The password must be 8 to 32 characters in length and contains at least two types of lowercase letters, uppercase letters, digits, and special characters.
  3. Copy the certificate and private key to the /opt/huawei/snas/etc directory of other nodes.

    Run the following commands on the node where the management IP address resides.

    cd /opt/huawei/snas/etc

    scp sslcert.pem root@10.99.1.2:/opt/huawei/snas/etc/

    scp sslkey.pem root@10.99.1.2:/opt/huawei/snas/etc/

  4. Restart the snas_cm process to make the new certificate and private key take effect.
    1. Run cd /opt/huawei/snas/sbin/ command.
    2. Run ./mml 10.99.1.2 4016 command.
    3. Run cm updatecertificate password command.

      password is the password for sslkey.pem.

Download
Updated: 2018-10-27

Document ID: EDOC1000042184

Views: 7747

Downloads: 177

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next