Retaining the CA Signed Certificate
Perform this procedure if you need to retain the CA signed SSL Certificate after upgrade.
When you configure a 3-node federation setup and apply external CA certificate, do the following:
-
Stop DCNM servers in Federation.
-
For Windows – Navigate to C:\Program Files\Cisco Systems\dcm\dcnm\bin. Double-click on the StopLANSANServer.bat to stop the services.
-
For Linux – Logon to /root. Execute /root/Stop_DCNM_Servers command to stop services.
-
-
Generate CA certificates for Primary Servers, and apply the same CA certificate in the three secondary servers.
-
Start the Primary server first, then the secondary, third server thereafter, on Federation.
Note that if you change the keystore password or alias, you need to update it in the standalone-san.xml document located at:
<DCNM_install_root>\dcm\wildfly-14.0.1.Final\standalone\configuration\standalone-san.xml
Update the password in the keystore tag and alias:
<keystore key-password>="<<storepass-pwd>> key-alias="updated-key-alias" keystore-password="updated-password" path="<DCNM_install_root>\dcm\wildfly-14.0.1.Final\standalone\configuration\fmserver.jks">
Note |
<<storepass-pwd>> is the password string generated while installing DCNM Server. This string is located in the <install dir>/dcm/fm/conf/serverstore.properties directory. Fetch the dcnm.fmserver.token value for the storepass-pwd. |
Procedure
Step 1 |
Backup the signed certificate from the location:
|
||
Step 2 |
Upgrade to Cisco DCNM Release . |
||
Step 3 |
After upgrade, copy the certificate to the same location on the upgraded version of the Cisco DCNM.
|
||
Step 4 |
Restart the DCNM Services. |