If I want to install my own "3rd Party" certificate for the Web Management Console (aka "the Modern UI"), the documentation at https://www.veritas.com/support/en_US/doc/21733320-132525226-0/v133148073-132525226 says I need to generate a Java Keystore file and a "keystore password file".
The Java Keystore isn't a big deal, Oracle's documentation on how to create a keystore, give it a password, and store a certificate in it is good enough. But I can't find anything that leads me to believe that a "keystore password file" is than the figment of the imaginations of several people at Veritas.
Who else has installed a third party certificate for the 8.1.2 modern web UI? And how did you create the keystore password file?
Am I correct in assuming that your question relates to steps 2 and 3 shown below and the fact that, unless you're specifically familiar with these concepts, "Convert the third-party certificate" & "Create a keystore password file" are not tasks that you can easily perform on your master server unless you know anything about security and certificates?
Yes, that's what I'm asking. And while it's not somehting I do every day, I'm not a complete noob when it comes to PKI and SSL certificates. I just don't deal with Java development, so a Keystore is new to me.
I can do a CSR and get a cert from my local Windows CA, but seriously, try a Google search of "Keystore Password file" there are no relevent search results.
Well I am a noob in this domain. My point being that the documentation should be a bit more helpful and not assume that everybody knows everything about everything.
Just to chime in, last week I was reading the Administrator Guide I and on less than 2 hours I noticed 3 errors that confused me. Ended up wasting lot more time trying to verify that the problem was not my understanding but the documentation itself. The quality of documentation definitely needs to improve for NetBackup.
A couple of weeks ago, at Microsoft Ignite, I happened to meet a Senior Product Manager from Veritas, and when asked about what I thought could be improved about NBU, documentation was one of my key points.
But I'd still really like an answer to my original question.
The keystore password file is just a file containing the password to access JAVA keystore file. It could be any name or extension
To import the CA certificate I would use the below keytool
keytool -importcert -noprompt -trustcacerts -file certificate.crt -keystore test.jks -storepass password2 -alias testCA
So my password file would be any file which contains the text as - "password2" in it (without quotes)
Let me know if you face any issues or need any help with any commands while trying to setup the 3rd party certificates and I can try to help you out