To enable TLS for NFM-P XML API clients
Purpose
The following steps describe how to enable TLS for all XML API client communication with the NFM-P.
CAUTION: Service Disruption
Performing the procedure involves stopping and starting each main server, which is service-affecting.
You must perform the procedure only during a scheduled maintenance window.
Note: You require the following user privileges on the main server station:
Note: The Bash shell is the supported command shell for RHEL CLI operations.
Note: The following RHEL CLI prompts in command lines denote the active user, and are not to be included in typed commands:
- # (root user)
- bash$ (nsp user)
Steps
1. Perform the following on each main server station to stop the main server.
Note: In a redundant system, you must stop the standby main server first.
- Log in to the main server station as the nsp user.
- Enter the following:
  bash$ cd /opt/nsp/nfmp/server/nms/bin ↵
- Enter the following:
  bash$ ./nmsserver.bash stop ↵
- Enter the following:
  bash$ ./nmsserver.bash appserver_status ↵
  The server status is displayed; the server is fully stopped if the status is the following:
  Application Server is stopped
  If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.
- Enter the following to switch to the root user:
  bash$ su ↵
- If the NFM-P is not part of a shared-mode NSP deployment, enter the following to display the nspOS service status:
  # nspdctl status ↵
  Information like the following is displayed.
    Mode: redundancy_mode
    Role: redundancy_role
    DC-Role: dc_role
    DC-Name: dc_name
    Registry: IP_address:port
    State: stopped
    Uptime: 0s
    SERVICE STATUS
    service_a inactive
    service_b inactive
    service_c inactive
  You must not proceed to the next step until all NSP services are stopped; if the State is not ‘stopped’, or the STATUS indicator of each listed service is not ‘inactive’, repeat this substep.
2. When the main servers are stopped, perform the following on each main server station.
- Enter the following:
  # samconfig -m main ↵
  The following is displayed:
  Start processing command line inputs...
  <main>
- Enter the following:
  <main> configure oss secure back ↵
  The prompt changes to <main configure>.
- Enter the following:
  <main configure> back ↵
  The prompt changes to <main>.
- Enter the following:
  <main> apply ↵
  The configuration is applied.
- Enter the following:
  <main> exit ↵
  The samconfig utility closes.
3. Perform the following on each main server station to start the main server.
Note: In a redundant system, you must start the primary main server first.
- Enter the following to switch back to the nsp user:
  # exit ↵
- Enter the following:
  bash$ cd /opt/nsp/nfmp/server/nms/bin ↵
- Enter the following:
  bash$ ./nmsserver.bash start ↵
- Enter the following:
  bash$ ./nmsserver.bash appserver_status ↵
  The server status is displayed; the server is fully initialized if the status is the following:
  Application Server process is running. See nms_status for more detail.
  If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.
4. Perform the following steps on each XML API client station.
- If you deployed TLS using a PKI server, perform one of the following.
  - Transfer the ca.pem certificate file from the PKI server station to the OSS client station.
  - Use the PKI server REST API to obtain the certificate; see the online NSP REST API documentation for information.
- If you deployed TLS using the manual method, transfer your certificate file to the OSS client station.
- Import the TLS certificate from the certificate file to the TLS certificate store of the client station OS; see the OS documentation for information about importing a certificate.
- Modify each main server XML API URL on the OSS client station:
End of steps
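
The nspdctl check at the end of step 1 can be scripted as a fail-closed gate, so that the samconfig change in step 2 is never applied while a service is still running. The following is an added example, not part of the Nokia procedure; the function name nsp_all_stopped is hypothetical, the sample text is constructed, and it assumes the real nspdctl status output keeps the layout shown in step 1.

```shell
# Added example, not Nokia code. Fail-closed gate for the nspdctl check in step 1.
# Assumption: real `nspdctl status` output keeps the layout shown in the procedure
# (a "State:" line, then a "SERVICE STATUS" header followed by one row per service).

# Reads status text on stdin; returns 0 only if State is "stopped" and
# every service row reports "inactive". Anything unparsable counts as failure.
nsp_all_stopped() {
    awk '
        $1 == "State:"                    { state = $2; next }
        $1 == "SERVICE" && $2 == "STATUS" { in_table = 1; next }
        in_table && NF >= 2 {
            rows++
            if ($NF != "inactive") {
                busy++
                print "not inactive: " $1 " (" $NF ")" > "/dev/stderr"
            }
        }
        END {
            if (state != "stopped") {
                print "State is not stopped: " state > "/dev/stderr"
                exit 1
            }
            if (rows == 0) {
                print "no service rows found; refusing to continue" > "/dev/stderr"
                exit 1
            }
            exit (busy > 0)
        }
    '
}

# Constructed sample in the page's format (placeholder names from the procedure).
SAMPLE_STOPPED='Mode: redundancy_mode
Role: redundancy_role
DC-Role: dc_role
DC-Name: dc_name
Registry: IP_address:port
State: stopped
Uptime: 0s
SERVICE STATUS
service_a inactive
service_b inactive
service_c inactive'

# On a main server this would be: nspdctl status | nsp_all_stopped
if printf '%s\n' "$SAMPLE_STOPPED" | nsp_all_stopped; then
    echo "all NSP services stopped; safe to run samconfig"
fi
```

A non-zero return means the substep must be repeated; the reason is written to standard error.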