HP

HP Systems Insight Manager Technical Reference Guide

English
  Networking and Security  |  Server Certificates  |  Replicating Trusted Certificates   

Replicating Trusted Certificates

»Table of Contents
»Index
»Notices
»Introduction
»Product Overview
»Getting Started
»Discovery and Identification
»Users and Authorizations
»Networking and Security
»About Login
»About Secure Task Execution
»Configuring the System Link
»Configuring Login Events
»Configuring Browser Timeout Options
»Server Certificates
»Exporting a Server Certificate
»Editing a Server Certificate
»Creating a Server Certificate
»Importing a Server Certificate
»Creating a Certificate Signing Request
»Submitting a Certificate Signing Request
»Importing a CA-Signed Certificate
»Synchronizing Certificates
Replicating Trusted Certificates
»Trusted Certificates
»Monitoring Systems, Clusters, and Events
»Storage Integration
»Managing with Tasks
»Tools that Extend Management
»Partner Applications
»Reporting
»Administering Systems and Events
»Troubleshooting
»Reference Information
»Printable version
»Glossary
»Using Help
» Migrating Trusted System Certificates from the Source CMS to the Target CMS
» Replicating the Trusted Certificates and Trust Mode from the Source CMS to Trusted Managed Systems using the Replicate Agent Settings Feature
» Related Procedures
» Related Topic

System Administrators that have the HP Systems Insight Manager (HP SIM) Require Trusted Certificates feature enabled can replicate the trusted certificates list to other HP SIM systems. If you do not use the Require Trusted Certificates feature of the HP SIM for a two-way trust solution, this is not necessary.

Migrating Trusted System Certificates from the Source CMS to the Target CMS

There are two options available to migrate the trusted certificates from a source central management server (CMS) to a target CMS. The first option can be used when the source CMS has large number of trusted certificates and the second option can be used when a source CMS has a lower number of trusted certificates.

Migrating certificates when the source CMS has a large number of trusted certificates

Warning: You will lose the existing SSL Server Key and certificate on the target CMS and must re-establish the trust relationship with any agents configured to trust the target CMS. Refer to Step 13.

  1. Sign into HP SIM on the source CMS system with administrative privileges.

  2. Go to <HPSIM Install folder>\Systems Insight Manager\config\certstor.

  3. Copy the files named hp.keystore and keyfile.3.

  4. Log into the target CMS system with administrative privileges.

  5. Go to the <HPSIM Install folder>\Systems Insight Manager\config\certstor directory.

  6. Replace hp.keystore and keyfile.3 files with the files copied.

  7. On the target CMS system, go to StartSettingsControl PanelAdministrative ToolsServices.

  8. Restart the HP SIM service.

    Note: You may see a browser warning indicating the name in the certificate does not match the name of the site. This is expected since you are temporarily using the certificate from the source CMS, but you can view the certificate displayed by the browser to ensure its authenticity before logging in.

  9. Sign into HP SIM on the target CMS with administrative privileges. Go to OptionsSecurityCertificatesServer Certificate.

  10. Click [New] and create a new server certificate.

  11. On the target CMS system, go to StartSettingsControl PanelAdministrative ToolsServices.

  12. Restart the HP SIM service.

  13. Install the new server certificate to required managed systems using the Replicate Agent Settings feature. For more information, refer to  "Replicating the Trusted Certificates and Trust Mode from the Source CMS to Trusted Managed Systems using the Replicate Agent Settings Feature" .

Migrating certificates when the source CMS has a lower number of trusted certificates

  1. Log into the source CMS system with administrative privileges.

  2. Go to OptionsSecurityCertificatesTrusted Certificate.

  3. Select a certificate and click [Export].

  4. Save the certificate locally.

  5. Repeat the steps 2 and 3 for all certificates listed on the Trusted System Certificates page.

  6. Copy all exported certificates to the target CMS system.

  7. Sign into HP SIM on the target CMS with administrative privileges.

  8. Go to OptionsSecurityCertificatesTrusted Certificate.

  9. Click [Import].

  10. Click [Browse] and select a certificate.

  11. Click [OK].

  12. Repeat the last three steps for all certificates.

Replicating the Trusted Certificates and Trust Mode from the Source CMS to Trusted Managed Systems using the Replicate Agent Settings Feature

This section assumes the agents are already configured to trust the source CMS.

This configures the agents to trust only the new target CMS. If trust for the original source CMS is still desired, duplicate steps 5, 6, and 13 (or 16) using the source CMS.

  1. Log into the System Management Homepage on the target CMS.

  2. Go to SettingsSecurityTrust Mode.

  3. Select Trust by Certificate and click [Save Configuration].

  4. Go to SettingsSecurityTrusted Management Servers.

  5. Enter the IP address of the target CMS in the field adjacent to [Add Certificate From Server].

  6. Click [Add Certificate From Server].

  7. Sign into HP SIM on the source CMS with administrative privileges.

  8. Go to ConfigureReplicate Agent Settings.

  9. From Select Target Systems page, select all managed systems that are configured to trust the source CMS.

  10. Click Apply Selections and click [Next].

  11. Select the target CMS as source and click [Next].

    Note: If the source system does not have HP SIM, skip to step 15.

  12. In the source configuration settings page, go to System Management HomepageSettingsConfiguration Options Properties and select Trust Mode.

  13. Go to System Management HomepageSettingsTrusted Certificate Properties and select Trusted Certificate of the target CMS.

  14. In the source configuration settings page, go to HTTP ServerConfigurationOptions Properties and select Trust Mode.

  15. Go to HTTP ServerTrusted Certificates Properties and select Trusted Certificate of the target CMS.

  16. Click [Run Now]. The CMS certificates are replicated on the selected managed systems.

Related Procedures

» Replicate Agent Settings - Creating a Replicate Agent Settings Task
» Server Certificates - Exporting a Server Certificate
» Server Certificates - Editing a Server Certificate
» Server Certificates - Creating a Server Certificate
» Server Certificates - Importing a Server Certificate
» Server Certificates - Synchronizing Certificates
» Server Certificates - Creating a Certificate Signing Request
» Server Certificates - Submitting a Certificate Signing Request
» Server Certificates - Importing a CA-Signed Certificate

Related Topic

» HP Systems Insight Manager Technical Reference Guide - Networking and Security
» Tools that Extend Management - Installing OpenSSH
» Administering Systems and Events - Managing SSH Keys