The current voyence-ssl.keystore file in NCM 9.4.2 AS contains two aliases:
1) selfsigned-ip
2) selfsigned
We need to add one more alias to the list, with the hostname as the CN.
Below is example output from listing the certificates in voyence-ssl.keystore.
###########################################
[root@yyy ~]# /opt/smarts-ncm/java/bin/keytool -v -list -keystore /opt/smarts-ncm/conf/voyence-ssl.keystore
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: selfsigned-ip
Creation date: 01-Mar-2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=10.X.X.X, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=10.X.X.X, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Serial number: 5cfd26a5
Valid from: Wed Mar 01 01:42:19 GMT 2017 until: Fri Jan 08 01:42:19 GMT 2027
Certificate fingerprints:
MD5: 60:50:28:D6:97:04:71:C3:2E:4A:78:51:0C:61:A0:B6
SHA1: 4E:30:4B:29:57:FA:56:C5:CF:9C:55:9F:9B:1B:9D:25:9C:AF:91:32
SHA256: 7A:8A:45:D2:A7:52:95:F0:FE:CA:3A:05:49:55:4A:D1:A8:B3:F5:09:D4:BF:D0:9A:01:7F:0A:3E:11:CA:0D:4A
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 34 72 E0 31 27 88 BD CA A7 8F 9A 82 53 FF 11 52 4r.1'.......S..R
0010: 92 CB C7 59 ...Y
]
]
*******************************************
*******************************************
Alias name: selfsigned
Creation date: 01-Mar-2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=test01.emc.com, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=test01.emc.com, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Serial number: 41268a4
Valid from: Wed Mar 01 01:42:18 GMT 2017 until: Fri Jan 08 01:42:18 GMT 2027
Certificate fingerprints:
MD5: BB:06:F6:F0:BD:31:33:C9:63:C2:FB:13:72:DA:0B:9D
SHA1: D3:3C:44:D0:6C:5C:94:27:54:5C:03:51:FA:05:9E:C0:BC:0E:66:02
SHA256: 67:6D:03:1D:92:0B:A7:CC:87:55:8E:8D:D6:18:FC:D8:D3:5B:68:63:3F:3B:8C:FF:5A:CA:88:8B:75:02:CB:06
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E7 97 64 81 19 DE 8B 13 81 AE 35 D1 2A E0 CB E9 ..d.......5.*...
0010: F6 DF E0 0D ....
]
]
*******************************************
*******************************************
[root@yyy ~]#
##############################################
The output above shows that two aliases are already present, each with its own "CN", "OU", "O", "ST" and "C" values.
One with the IP:
Owner: CN=10.X.X.X, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=10.X.X.X, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
and one with the FQDN:
Owner: CN=test01.emc.com, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=test01.emc.com, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
In the same way, we need to add an alias for the hostname, something like:
Owner: CN=test01, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=test01, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
That way the keystore's certificates cover the IP, hostname and FQDN as three different aliases.
Change:
Here are the steps to add the hostname to the voyence-ssl.keystore file.
1) Execute: source /etc/voyence.conf
2) Take a backup of the makekeystore.pl script under $VOYENCE_HOME/bin/
3) Copy the attached makekeystore.pl script to the $VOYENCE_HOME/bin/ directory.
4) Run the script: perl makekeystore.pl
This generates certificates with all 3 aliases, as expected.
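One way to confirm the result after step 4, as an added example (not part of the original article or of the attached makekeystore.pl): the shell functions below parse `keytool -v -list` output on stdin and check that every expected CN appears as an Owner CN. The function names and the embedded sample listing (constructed from the output shown above, i.e. the keystore before the change) are assumptions of this example.

```shell
#!/bin/sh
# Added example. Reads `keytool -v -list` output on stdin and prints
# one "alias<TAB>CN" line per keystore entry.
alias_cns() {
    awk '
        /^Alias name: / { alias = substr($0, 13) }
        /^Owner: CN=/ {
            cn = substr($0, 11)      # text after the "Owner: CN=" prefix
            sub(/,.*/, "", cn)       # keep only the CN value
            print alias "\t" cn
        }
    '
}

# check_cns CN...: reads the same listing on stdin; returns 0 only if every
# expected CN is present. Exact whole-line match, so "test01" is not
# satisfied by "test01.emc.com".
check_cns() {
    found=$(alias_cns | cut -f2)
    missing=0
    for cn in "$@"; do
        if ! printf '%s\n' "$found" | grep -Fxq -- "$cn"; then
            echo "missing CN: $cn" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: trimmed from the listing above (keystore before the change).
sample_listing() {
    cat <<'EOF'
Alias name: selfsigned-ip
Entry type: PrivateKeyEntry
Owner: CN=10.X.X.X, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=10.X.X.X, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Alias name: selfsigned
Entry type: PrivateKeyEntry
Owner: CN=test01.emc.com, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=test01.emc.com, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
EOF
}

sample_listing | alias_cns
# Real use after running makekeystore.pl (paths as in the listing above):
#   /opt/smarts-ncm/java/bin/keytool -v -list \
#       -keystore /opt/smarts-ncm/conf/voyence-ssl.keystore \
#       | check_cns 10.X.X.X test01 test01.emc.com
```

On the sample (the keystore before the change) the check for test01 fails; after the new script has run it should pass for all three names.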