To enable TLS for NFM-P XML API clients

Purpose

The following steps describe how to enable TLS for all XML API client communication with the NFM-P.

CAUTION

Service Disruption

Performing the procedure involves stopping and starting each main server, which is service-affecting.

You must perform the procedure only during a scheduled maintenance window.

Note: You require the following user privileges on the main server station:

Note: The Bash shell is the supported command shell for RHEL CLI operations.

Note: The following RHEL CLI prompts in command lines denote the active user, and are not to be included in typed commands:

Steps
 

Perform the following on each main server station to stop the main server.

Note: In a redundant system, you must stop the standby main server first.

  1. Log in to the main server station as the nsp user.

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash stop ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully stopped if the status is the following:

    Application Server is stopped

    If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.

  5. Enter the following to switch to the root user:

    bash$ su ↵


When the main servers are stopped, perform the following on each main server station.

  1. Enter the following:

    samconfig -m main ↵

    The following is displayed:

    Start processing command line inputs...

    <main>

  2. Enter the following:

    <main> configure oss secure back ↵

    The prompt changes to <main configure>.

  3. Enter the following:

    <main configure> back ↵

    The prompt changes to <main>.

  4. Enter the following:

    <main> apply ↵

    The configuration is applied.

  5. Enter the following:

    <main> exit ↵

    The samconfig utility closes.


Perform the following on each main server station to start the main server.

Note: In a redundant system, you must start the primary main server first.

  1. Enter the following to switch back to the nsp user:

    exit ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash start ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.


Perform the following steps on each XML API client station.

  1. If you deployed TLS using a PKI server, perform one of the following.

    1. Transfer the ca.pem certificate file from the PKI server station to the OSS client station.

    2. Use the PKI server REST API to obtain the certificate; see the online NSP REST API documentation for information.

  2. If you deployed TLS using the manual method, transfer your certificate file to the OSS client station.

  3. Import the TLS certificate from the certificate file to the TLS certificate store of the client station OS; see the OS documentation for information about importing a certificate.

  4. Modify each main server XML API URL on the OSS client station:

    • Change http: to https:.

    • Change the URL port value from 8080 to 8443.

End of steps
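
The following is an added example, not part of the NFM-P documentation: shell helpers for the XML API client station that apply the URL change from the last step, flag leftover cleartext URLs in a client configuration file, and check that the main server certificate on port 8443 validates against the transferred ca.pem. The host name, the /xmlapi/invoke path and the function names are constructed for illustration.

```bash
# Added example, not vendor code. Host names and the /xmlapi/invoke path
# below are constructed sample values.

# Rewrite one main server XML API URL as the last step describes:
# http: -> https:, and port 8080 -> 8443. The port is changed only when it
# is the port of the URL authority, never when ":8080" occurs in the path.
# Handles host names and IPv4 addresses (no userinfo, no bracketed IPv6).
to_tls_url() {
    printf '%s\n' "$1" | sed -E \
        -e 's,^http://,https://,' \
        -e 's,^(https://[^/:]+):8080(/|$),\1:8443\2,'
}

# List (with line numbers) every line of a client config file that still
# holds an http: URL or an https: URL on the old port 8080.
# Returns 0 when the file is clean, 1 when cleartext leftovers remain.
audit_client_config() {
    if grep -nE 'http://|https://[^/:]+:8080([^0-9]|$)' "$1"; then
        return 1
    fi
    return 0
}

# Confirm that the main server answers on 8443 with a certificate chain that
# validates against the transferred CA file and matches the host name.
# Needs network access to the main server, so the demo below does not call it.
verify_tls_endpoint() {  # usage: verify_tls_endpoint HOST /path/to/ca.pem
    openssl s_client -connect "$1:8443" -servername "$1" -CAfile "$2" \
        -verify_return_error -verify_hostname "$1" </dev/null >/dev/null 2>&1
}

# Offline demo on a constructed URL.
to_tls_url 'http://nfmp-main1.example.com:8080/xmlapi/invoke'
```

Run verify_tls_endpoint from the client station after the main servers have restarted; a non-zero exit status means the certificate chain or host name did not validate against ca.pem.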