Chapter 3 System PreparationHPSS Installation Guide September 2002 177Release 4.5, Revision 2-dname "cn=HPSS Data Server" -alias hpss_ssmds \-keystore keystore.ds -validity 365ii. Display the fingerprint for the certificate:% $JAVA_HOME/bin/keytool -keystore keystore.ds -list -viii. Export the certificate to the temporary file ds.cer:% $JAVA_HOME/bin/keytool -keystore keystore.ds -export \-alias hpss_ssmds -file ds.cerC. Set up SSMDS for normal or low security mode:i. For normal security mode, the administrator will be prompted for the password tothe keystore file when the SSMDS begins execution.This means the Data Server may not be started automatically from inittab. To runin normal security mode, make sure theHPSS_SSMDS_KEYSTORE_PASSWORD variable is set to "PROMPT" in thehpss_env file.This is the recommended operational mode.ii. For low security mode, the SSMDS will read the password to its keystore from afile at startup. To run in low security mode, make sure theHPSS_SSMDS_KEYSTORE_PASSWORD variable is not set to anything inhpss_env, and store and protect the keystore password:% vi keystore.ds.pwEnter into file & save.% chmod 600 keystore.ds.pwThis is not the recommended operational mode.D. Set up SSMDS Java security policy file% cp /opt/hpss/config/templates/java.policy.ds.template \java.policy.ds% chmod 640 java.policy.ds% vi java.policy.dsChange "*.hpss.acme.com" to appropriate host info, such as "*.clearlake.ibm.com", inthe following section:grant { permission java.net.SocketPermission"*.hpss.acme.com:1024-","connect,accept,listen,resolve"; };Save change and exit vi.E. Set up the Client authorization file
