HP

HP Systems Insight Manager Technical Reference Guide

English
  Networking and Security  |  Server Certificates  |  Creating a Server Certificate   

Creating a Server Certificate

»Table of Contents
»Index
»Notices
»Introduction
»Product Overview
»Getting Started
»Discovery and Identification
»Users and Authorizations
»Networking and Security
»About Login
»About Secure Task Execution
»Configuring the System Link
»Configuring Login Events
»Configuring Browser Timeout Options
»Server Certificates
»Exporting a Server Certificate
»Editing a Server Certificate
Creating a Server Certificate
»Importing a Server Certificate
»Creating a Certificate Signing Request
»Submitting a Certificate Signing Request
»Importing a CA-Signed Certificate
»Synchronizing Certificates
»Replicating Trusted Certificates
»Trusted Certificates
»Monitoring Systems, Clusters, and Events
»Storage Integration
»Managing with Tasks
»Tools that Extend Management
»Partner Applications
»Reporting
»Administering Systems and Events
»Troubleshooting
»Reference Information
»Printable version
»Glossary
»Using Help
» Related Procedures
» Related Topic

Users with full-configuration-rights can create a new self-signed certificate when they must replace the HP Systems Insight Manager (HP SIM) Secure Sockets Layer (SSL) server certificate and private key under the following situations:

  • The integrity of the HP SIM server certificate private key is compromised.

  • The existing HP SIM server certificate expires.

This self-signed certificate is configured to expire 10 years from its date of creation.

Create a new self-signed certificate when you must replace the HP SIM SSL server certificate and private key. The public key is included in the certificate that goes out to the client. The private key is kept secure in the keystore database on the HP SIM server file system. The public and private key pair of the System Management Homepage (residing on the same system) is overwritten with the new HP SIM public and private key pair.

Replacing the SSL server certificate and private key invalidates the existing HP SIM server certificate and the System Management Homepage certificate wherever they might be imported, such as browsers and Trusted Management Servers List in other System Management Homepages. Replace the previous server certificate with the new server certificate, in accordance with your security practices, to return to the same level of functionality you had before.

This process also replaces the local System Management Homepage certificate and private key and updates the certificate sharing directory with a new server certificate and private key.

Valid characters for each of these fields are a through z (lowercase), A through Z (uppercase), 0 through 9, and the following special characters: ‘ ( ) + , - . / : ? space _ and ~. Each field must contain at least one non-white space character.

To create a new certificate:

  1. Select OptionsSecurityCertificatesServer Certificates, and then click [New]. The New Server Certificate section appears and the fields are automatically populated with default values.

  2. (Optional) Change the following fields:

    1. The Common Name (CN) field holds the parameter that the browser uses for name comparison when browsing to the central management server. This field can be updated with other name formats, such as fully qualified names and can contain up to 255 characters.

    2. In the Organization (O) field, enter the name of your organization. This field can contain up to 64 characters.

    3. In the Organizational Unit (OU) field, enter the name of your department. This field can contain up to 64 characters.

    4. In the Locality (L) field, enter the name of your city. This field can contain up to 128 characters.

    5. In the State (S) field, enter the name of your state. This field can contain up to 128 characters.

    6. In the Country (C) field, enter the name of your country. This field can contain up to two alphanumeric characters, using the two-letter country codes.

  3. After changes are made, click [OK]. If you click [Cancel], you are returned to the Server Certificate page without creating a new server certificate. A warning appears, reminding you of the effects of changing the certificate and private key. If you click [OK] in the warning box to continue, a new 1,024-bit key-pair and a new self-signed certificate are generated. The old key-pair and certificate are not retrievable unless a backup was created manually before this process. The new certificate and private key take effect the next time HP SIM is restarted.

  4. Reboot the HP SIM server to ensure the new certificate is properly synchronized with the local System Management Homepage and any applications or components using the certificate sharing directory. After creating a new server certificate, reboot the HP SIM server for the HP SIM server certificate to be synchronized with the HTTP server certificate. Synchronizing the certificates prevents repeated browser security alerts when browsing to HP Insight Management Agent on the HP SIM server.

Related Procedures

» Server Certificates - Exporting a Server Certificate
» Server Certificates - Importing a Server Certificate
» Server Certificates - Editing a Server Certificate
» Server Certificates - Synchronizing Certificates

Related Topic

» Networking and Security - Server Certificates
» Tools that Extend Management - Installing OpenSSH
» Administering Systems and Events - Managing SSH Keys