To configure an NFM-P main server to request a PKI-server TLS certificate

Purpose
CAUTION 

Service Disruption

Performing the procedure requires that you shut down the main server, which may be service-affecting.

If the main server is in service, ensure that you perform the procedure only during a scheduled maintenance period.

The following steps describe how to configure an NFM-P main server to request a new TLS certificate from a PKI server. This may be required during the initial installation of a main server, or whenever a new certificate is required.

Steps
 

1 

Ensure that the PKI server is configured and running; see To configure and enable a PKI server.


2 

Log in to the main server station as the nsp user.


3 

Open a console window.


4 

Stop the main server.

  1. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  2. Enter the following:

    bash$ ./nmsserver.bash stop ↵

  3. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The main server is stopped when the following message is displayed:

    Main Server is stopped 

    If the command output indicates that the server is not completely stopped, wait five minutes and then re-enter the command in this step to check the server status.

    Do not proceed to the next step until the server is completely stopped.

  4. Enter the following to switch to the root user:

    bash$ su ↵

  5. If the NFM-P is not part of a shared-mode NSP deployment, enter the following to display the nspOS service status:

    nspdctl status ↵

    Information like the following is displayed.

    Mode:     redundancy_mode

    Role:     redundancy_role

    DC-Role:  dc_role

    DC-Name:  dc_name

    Registry: IP_address:port

    State:    stopped

    Uptime:   0s

    SERVICE           STATUS

    service_a         inactive

    service_b         inactive

    service_c         inactive

    You must not proceed to the next step until all NSP services are stopped; if the State is not ‘stopped’, or the STATUS indicator of each listed service is not ‘inactive’, repeat this substep.
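The two stop checks in substeps 3 and 5 can be scripted as a fail-closed gate. This is an added example, not part of the original procedure; the function names are hypothetical, and it assumes the live command output follows the layout shown above.

```shell
#!/usr/bin/env bash
# Added example: gate on the two "stopped" checks from step 4.
# Both functions read command output on stdin, so they work on live
# output or on saved text.

# Succeeds only if appserver_status output contains the exact stop message.
main_server_stopped() {
    grep -q '^[[:space:]]*Main Server is stopped[[:space:]]*$'
}

# Succeeds only if State is "stopped" and every row under the
# SERVICE/STATUS header is "inactive". A missing State line or an empty
# service table counts as "not stopped" (fail closed). Services that are
# not inactive are listed on stdout.
nsp_services_stopped() {
    awk '
        $1 == "State:"                    { state = $2; next }
        $1 == "SERVICE" && $2 == "STATUS" { in_table = 1; next }
        in_table && NF >= 2 {
            rows++
            if ($NF != "inactive") { print "not inactive: " $1 " (" $NF ")"; bad++ }
        }
        END { exit !(state == "stopped" && rows > 0 && bad == 0) }
    '
}

# Constructed sample in the layout shown in substep 5 (placeholder values).
sample_nspdctl_output() {
    cat <<'EOF'
Mode:     redundancy_mode
Role:     redundancy_role
DC-Role:  dc_role
DC-Name:  dc_name
Registry: IP_address:port
State:    stopped
Uptime:   0s

SERVICE           STATUS
service_a         inactive
service_b         inactive
service_c         inactive
EOF
}

# Live use, from /opt/nsp/nfmp/server/nms/bin (nspdctl as root, per substep 4):
#   ./nmsserver.bash appserver_status | main_server_stopped \
#       && nspdctl status | nsp_services_stopped && echo "safe to continue"
```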


5 

Enter the following:

samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main> 


6 

Enter the following:

<main> configure tls ↵

The prompt changes to <main configure tls>.


7 

Enter the following:

<main configure tls> no keystore-file ↵


8 

Enter the following:

<main configure tls> no truststore-file ↵


9 

Perform one of the following:

  1. Enter the following to use the default keystore password, which is available from technical support:

    <main configure tls> no keystore-pass ↵

  2. Enter the following to assign a keystore password:

    <main configure tls> keystore-pass password ↵

    where password is the password to assign


10 

Perform one of the following:

  1. Enter the following to use the default truststore password, which is available from technical support:

    <main configure tls> no truststore-pass ↵

  2. Enter the following to assign a truststore password:

    <main configure tls> truststore-pass password ↵

    where password is the password to assign


11 

Enter the following:

<main configure tls> alias alias ↵

where alias is the keystore alias to assign


12 

Enter the following:

<main configure tls> pki-server server ↵

where server is the PKI server IP address or hostname


13 

If the PKI server is to use a port other than the default for servicing requests, enter the following:

<main configure tls> pki-server-port port ↵

where port is the PKI server port number


14 

Enter the following:

<main configure tls> exit ↵

The prompt changes to <main>.


15 

Enter the following:

<main> apply ↵

The configuration is applied.

The main server:

  • generates a TLS certificate

  • sends a CSR to the PKI server

  • receives from the PKI server the signed TLS certificate


16 

Enter the following:

<main> exit ↵

The samconfig utility closes.


17 

Enter the following to return to the nsp user:

exit ↵


18 

Start the main server.

  1. Enter the following:

    bash$ ./nmsserver.bash start ↵

  2. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.


19 

Close the console window.

End of steps