To configure an NFM-P auxiliary server to request a PKI-server TLS certificate

Purpose

CAUTION

Service Disruption

Performing the procedure requires that you shut down the auxiliary server, which may be service-affecting.

If the auxiliary server is in service, ensure that you perform the procedure only during a scheduled maintenance period.

The following steps describe how to configure an NFM-P auxiliary server to request a new TLS certificate from a PKI server. This may be required during the initial installation of an auxiliary server, or whenever a new certificate is required.

Steps


1	Ensure that the PKI server is configured and running; see To configure and enable a PKI server.
2	Log in to the auxiliary server station as the nsp user.
3	Open a console window.
4	Stop the auxiliary server. Enter the following: `bash$` `cd /opt/nsp/nfmp/auxserver/nms/bin ↵` Enter the following: `bash$` `./auxnmsserver.bash auxstop ↵` Enter the following: `bash$` `./auxnmsserver.bash auxappserver_status ↵` The auxiliary server is stopped when the following message is displayed: `Auxiliary Server is stopped` If the command output indicates that the server is not completely stopped, wait five minutes and then re-enter the command in this step to check the server status. Do not proceed to the next step until the server is completely stopped.
5	Enter the following to switch to the root user: `bash$` `su - ↵`
6	Enter the following: `#` `samconfig -m aux ↵` The following is displayed: `Start processing command line inputs...` `<aux>`
7	Enter the following: `<aux>` `configure tls ↵` The prompt changes to `<aux configure tls>`.
8	Enter the following: `<aux configure tls>` `no keystore-file ↵`
9	Perform one of the following: Enter the following to use the default keystore password, which is available from technical support: `<aux configure tls>` `no keystore-pass ↵` Enter the following to assign a keystore password: `<aux configure tls>` `keystore-pass password ↵` where password is the password to assign
10	Enter the following: `<aux configure tls>` `pki-server server ↵` where server is the PKI server IP address or hostname
11	If the PKI server is to use a port other than the default for servicing requests, enter the following: `<aux configure tls>` `pki-server-port port ↵` where port is the PKI server port number
12	Enter the following: `<aux configure tls>` `exit ↵` The prompt changes to `<aux>`.
13	Enter the following: `<aux>` `apply ↵` The configuration is applied. The auxiliary server: generates a TLS certificate sends a CSR to the PKI server receives from the PKI server the signed TLS certificate
14	Enter the following: `<aux>` `exit ↵` The samconfig utility closes.
15	Enter the following to return to the nsp user: `#` `exit ↵`
16	Start the auxiliary server. Enter the following: `bash$` `./auxnmsserver.bash auxstart ↵` Enter the following: `bash$` `./auxnmsserver.bash auxappserver_status ↵` The server status is displayed; the server is fully initialized if the status is the following: `Auxiliary Server process is running. See auxnms_status for more detail.` If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.
17	Close the console window. End of steps