Obtains a public certificate from LDAP and creates a truststore
that is shared by the administrative infrastructure to certify secure connections.
This command replaces any existing truststore on the local engine.

>>-mktruststore--+------+--------------------------------------><
                 +-path-+
                 '- – --'
Parameters
- path
- Specifies the full directory path to import an existing LDAP certificate
into the new truststore file being created. The certificate cannot be added
to an existing truststore because a new truststore will be created. If not
specified, an LDAP certificate will not be added to the new truststore.
Note: An LDAP certificate is required to obtain secure communication with the LDAP
server.
- –
- Specifies that you want to read the path from stdin (for example, – <<
/work/path.txt).
Prerequisites
The cimom.properties file must be set up prior to using this command.
The tank.properties file must exist. It is used by the mktruststore command
to determine the language being used.
This task must be performed only by trained service technicians.
Description
Note: This command is run from the shell prompt from the /usr/tank/admin/bin directory.
It is not run inside of sfscli.
The truststore file resides in the /usr/tank/admin/ directory.
You would use the mktruststore command in these circumstances:
- During installation, the mktruststore command
is run automatically by the setupTank script on
the first engine. Because the truststore file must be exactly the same on
every engine in the cluster, you must copy the truststore file from one engine
to each remaining engine in the cluster before running setupTank on those
engines.
- When replacing an expired truststore file. The truststore file is valid
for one year.
- When you need to change the truststore (for example, if security is breached).
You may change the truststore at any time; however, it must be the same on
every engine in the cluster. The Administrative agent must be restarted any
time the truststore is changed by issuing the stopcimom and startcimom commands.
The user interfaces (SAN File System console and Administrative command-line
interface) connection will be broken when the Administrative agent is stopped.
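The requirement above that the truststore be exactly the same on every engine can be checked by comparing SHA-256 digests of the copies before the Administrative agent is restarted. The following shell script is an added example, not part of the product documentation or the product's own tooling; it assumes the truststore copies have already been gathered from each engine into local files, and the function names and file names are hypothetical (the page does not name the truststore file).

```shell
#!/bin/sh
# Added example: confirm that truststore copies gathered from each engine are
# byte-identical to the reference copy from the first engine.
# Assumption: copies are already local files; all file names are placeholders.

# Print the SHA-256 digest of a file (sha256sum or shasum, whichever exists).
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Usage: truststore_mismatches REFERENCE COPY...
# Prints one line per copy that is missing, empty or differs from REFERENCE.
# Returns 0 when all copies match, 1 when any does not, 2 on a bad reference.
truststore_mismatches() {
    ref=$1; shift
    [ -s "$ref" ] || { echo "reference missing or empty: $ref" >&2; return 2; }
    ref_sum=$(digest "$ref")
    rc=0
    for copy in "$@"; do
        if [ ! -s "$copy" ]; then
            echo "MISSING $copy"; rc=1
        elif [ "$(digest "$copy")" != "$ref_sum" ]; then
            echo "DIFFERS $copy"; rc=1
        fi
    done
    return "$rc"
}

# Demo with constructed files standing in for copies from four engines:
# engine2 matches, engine3 holds stale bytes, engine4 was never copied.
demo() {
    d=$(mktemp -d) || return 2
    printf 'constructed-truststore-bytes' > "$d/engine1.truststore"
    cp "$d/engine1.truststore" "$d/engine2.truststore"
    printf 'stale-truststore-bytes' > "$d/engine3.truststore"
    truststore_mismatches "$d/engine1.truststore" \
        "$d/engine2.truststore" "$d/engine3.truststore" "$d/engine4.truststore"
    status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "truststore copies are not identical (exit $?)"
```

A non-zero exit means at least one engine would present a different truststore and should receive a fresh copy before stopcimom and startcimom are issued.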
Example
Create truststore
The following example creates a truststore and imports the LDAP certificate ldap.cert from the local directory:
mktruststore ldap.cert
Creating truststore file.
The truststore was created successfully
Certificate was added to keystore.