No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor BCManager 6.5.0 eReplication User Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Replacing the Tomcat Certificate of the eReplication Server

Replacing the Tomcat Certificate of the eReplication Server

Function

For security purposes, users may want to use a Secure Socket Layer (SSL) certificate issued by a third-party certification authority. The eReplication Server allows users to replace the Tomcat certificate of users but the users must provide the Tomcat certificate and public/private key pair. The update to the certificate can take effect only after eReplication is restarted. Update the certificate in off-peak hours.

Format

  • Windows: replace_cert.bat
  • Linux: replace_cert.sh

Parameters

None

Usage Guidelines

  • Windows
    1. Log in to the eReplication Server as an administrator.
    2. Go to the installation path\bin directory of the eReplication Server.
      NOTE:

      In Windows, the default installation path of the eReplication Server is C:\BCManager\Runtime. The installation path is user-definable. You are advised not to install the eReplication Server on a system disk.

    3. Double-click the shutdownSystem.bat file, enter y and press Enter to stop the eReplication Server.
    4. Double-click the replace_cert.bat file to replace the Tomcat certificate.
    5. Enter the path of the key store and certificate file name. For example, enter C:\jks.keystore and press Enter.
      NOTE:

      Do not save the new certificate to the installation path\Tomcat6\certs directory since the old certificate is stored under the directory.

    6. Enter the file type of the key store (the JKS, JCEKS, and PKCS12 file type are supported) and press Enter.
    7. Enter the correct password for the certificate and press Enter.
    8. Enter y and press Enter. The certificate is replaced.
    9. Double-click the startSystem.vbe file to restart the eReplication Server.
  • Linux
    1. Use PuTTY to log in to the eReplication Server management server.
      • In template-based installation mode: Log in as user DRManager, and run the su root command to switch to user root.
      • In software package-based installation mode: Log in as user root.
      NOTE:
      The default password of user DRManager is Huawei@CLOUD8. In template-based installation mode, the default password of user root is Huawei@CLOUD8!.
    2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.
      NOTE:

      After you run this command, the system continues to run when no operation is performed, resulting a risk. For security purposes, you are advised to run exit to exit the system after completing your operations.

    3. Run cd /opt/BCManager/Runtime/bin command to enter the script save path.
      NOTE:

      In Linux, the installation path of the eReplication Server is /opt/BCManager. The path is fixed.

    4. Run the sh shutdownSystem.sh command, enter y and press Enter to stop the eReplication Server.
    5. Run the sh replace_cert.sh command to replace the Tomcat certificate.
    6. Enter the path of the key store and certificate file name. For example, enter /opt/jks.keystore and press Enter.
      NOTE:

      Do not save the new certificate to the /opt/BCManager/Runtime/Tomcat6/certs directory since the old certificate is stored under the directory.

    7. Enter the file type of the key store (the JKS, JCEKS, and PKCS12 file type are supported) and press Enter.
    8. Enter the correct password for the certificate and press Enter.
    9. Enter the correct password for the certificate and press Enter.
    10. Run the sh startSystem.sh command to start the eReplication Server.

Example

Linux is used as an example.

linux-h8g4:/opt/BCManager/Runtime/bin # sh shutdownSystem.sh 
You are about to stop the DR system.
This operation will stop the DR system. DR protection is unavailable when the DR system is stopped.

Suggestion: After the configuration is complete, restart the DR system as soon as possible.

Are you sure you want to stop the DR system? (y/n):y

The service is shutting down. Please wait...

The DR system is shut down successfully.
linux-h8g4:/opt/BCManager/Runtime/bin # sh replace_cert.sh
Please input cert file:/opt/server.jks
Please input the keystore type [JKS]: JKS
Please input secret key:
You are going to change the certfile of web,Are you sure you really want to perform the operation? (y/n): y
y
Change certfile successfully!
Translation
Download
Updated: 2019-05-21

Document ID: EDOC1100075861

Views: 17850

Downloads: 76

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next