Smarts NCM: How to add Hostname as alias in voyence-ssl.keystore?
search cancel

Smarts NCM: How to add Hostname as alias in voyence-ssl.keystore?

book

Article ID: 330860

calendar_today

Updated On:

Products

VMware Smart Assurance

Environment

VMware Smart Assurance - NCM

Resolution

The current voyence-ssl.keystore file in NCM 9.4.2 AS reflects two Alias 
1) selfsigned-ip
2) selfsigned

We need to add one more alias in the list and that is for Hostname as CN.
Below is the example output when we extract/list the certificates from voyence-ssl.keystore.

###########################################
[root@yyy ~]# /opt/smarts-ncm/java/bin/keytool -v -list -keystore /opt/smarts-ncm/conf/voyence-ssl.keystore
Enter keystore password:

***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: selfsigned-ip
Creation date: 01-Mar-2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=10.X.X.X, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=10.X.X.X, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US

Serial number: 5cfd26a5
Valid from: Wed Mar 01 01:42:19 GMT 2017 until: Fri Jan 08 01:42:19 GMT 2027
Certificate fingerprints:
MD5: 60:50:28:D6:97:04:71:C3:2E:4A:78:51:0C:61:A0:B6
SHA1: 4E:30:4B:29:57:FA:56:C5:CF:9C:55:9F:9B:1B:9D:25:9C:AF:91:32
SHA256: 7A:8A:45:D2:A7:52:95:F0:FE:CA:3A:05:49:55:4A:D1:A8:B3:F5:09:D4:BF:D0:9A:01: 7F:0A:3E:11:CA:0D:4A
Signature algorithm name: SHA256withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 34 72 E0 31 27 88 BD CA A7 8F 9A 82 53 FF 11 52 4r.1'.......S..R
0010: 92 CB C7 59 ...Y
]
]

*******************************************
*******************************************

Alias name: selfsigned
Creation date: 01-Mar-2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=test01.emc.com, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=test01.emc.com, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US

Serial number: 41268a4
Valid from: Wed Mar 01 01:42:18 GMT 2017 until: Fri Jan 08 01:42:18 GMT 2027
Certificate fingerprints:
MD5: BB:06:F6:F0:BD:31:33:C9:63:C2:FB:13:72:DA:0B:9D
SHA1: D3:3C:44:D0:6C:5C:94:27:54:5C:03:51:FA:05:9E:C0:BC:0E:66:02
SHA256: 67:6D:03:1D:92:0B:A7:CC:87:55:8E:8D:D6:18:FC:D8:D3:5B:68:63:3F:3B:8C:FF:5A: CA:88:8B:75:02:CB:06
Signature algorithm name: SHA256withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E7 97 64 81 19 DE 8B 13 81 AE 35 D1 2A E0 CB E9 ..d.......5.*...
0010: F6 DF E0 0D ....
]
]

*******************************************
*******************************************

[root@yyy ~]# 
##############################################

From the above output you see that two alias are already present with their respective "CN", "OU", "O", "ST" and "C"

One with IP:
Owner: CN=10.X.X.X, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=10.X.X.X, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US


and one with FQDN:
Owner: CN=test01.emc.com, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=test01.emc.com, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US


In same way we need to add an alias for hostname, something like 
Owner: CN=test01, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US
Issuer: CN=test01, OU=Product Delivery, O=EMC, L=Richardson, ST=Texas, C=US


So that all the certificates would contain IP, Hostname and FQDN as three different alias.

Change:
              Here are the steps to add the hostname to the voyence-ssl.keystore file.
              1) Execute: source /etc/voyence.conf
              2) Take a backup of makekeystore.pl script under $VOYENCE_HOME/bin/
              3) Copy the attached makekeystore.pl script to $VOYENCE_HOME/bin/ directory. 
              4) Run the script. perl makekeystore.pl 

This would now generate certificate with all 3 alias as expected.


Attachments

makekeystore.pl get_app