Installing the broadcom advanced control suite – Dell Broadcom NetXtreme Family of Adapters User Manual

Linux Management Application Installation: Broadcom NetXtreme BCM57XX User Guide

file:///C|/Users/Nalina_N_S/Documents/NetXtreme/English/lnx_bacs.htm[9/5/2014 3:32:23 PM]

6. Enter the following command to verify the generated self-signed certificate.

openssl verify server.crt

The following output displays:

server.crt:/C=US/ST=California/L=Irvine/O=Broadcom Corporation/OU=Engineering/CN=MGMTAPP-
LAB3/emailAddress=
error 18 at 0 depth lookup:self signed certificate
OK

Ignore the error message "error 18 at 0 depth lookup:self signed certificate". This error indicates that this is a self-
signed certificate.

7. Convert the certificate from "crt" to "pkcs12" format, as follows:

For a Windows server, the certificate should be in pkcs12 format. Enter the following command:

openssl pkcs12 -export -in server.crt -inkey server.key -out hostname.pfx

You will be prompted for the following:

Enter Export Password:
Verifying - Enter Export Password:

Enter the password and be sure to remember it. The password is required when importing the certificate on the
Windows server and client.

8. Make a copy of the certificate file server.crt and place it on the server where BACS will be installed, so that it can be

imported. If you plan to use a Windows or Linux client to connect to the server running BACS, then the certificate also
needs to be transferred (copied and pasted) to the client system.

In Linux, the certificate should have the extension ".pem". The extension ".crt" and ".pem" are the same, so there is
no need to use the openssl command to convert from .crt to .pem. You can simply copy the file as-is.

NOTE: A separate certificate must be generated for an IPv4 address, IPv6 address, and Hostname.

Import Self-Signed Certificate on Linux Client

On Linux distributions, note the following certificate directory:

For all SuSE versions, the certificate directory is /etc/ssl/certs.

For RedHat, the certificate directory can be different for each version. For some versions, it is /etc/ssl/certs or
/etc/pki/tls/certs

. For other versions, find out the certificate directory.

Copy hostname.pem, which you created in

Generate a Self-Signed Certificate for Windows/Linux Server

, into the certificate

directory of the Linux client. For example, if the certificate directory is /etc/ssl/certs, copy hostname.pem to
/etc/ssl/certs

.

1. Change directory to /etc/ssl/certs.

2. Create a hash value by running the following command.

openssl x509 -noout -hash -in hostname.pem

A value such as the following will be returned.

100940db

3. Create a symbolic link to the hash value by running the following command:

ln -s hostname.pem 100940db.0

Test HTTPS/SSL Connection from Linux Client

Use the following command to test whether the certificate is installed correctly on Linux:

# curl -v --capath /etc/ssl/certs https://Hostname or IPAddress:5986/wsman

If this fails, then the certificate is not installed correctly and an error message displays, indicating to take corrective action.

Installing the Broadcom Advanced Control Suite