A.05.70 HP Insight Remote Support Advanced Operations Guide (October 2011, 5900-1727)
4. Export the Server Certificate from HP SIM:
a. In HP SIM browse to Options → Security → HP Systems Insight Manager Server Certificate
and click Export.
b. Click Save on the
File Download –Security Warning
window that is displayed.
c. Save the certificate to the folder created earlier as <system-fqdn>.cer.
d. Record the Common Name field under Issued By. This is the name of the certificate that you
need to look for in the Trusted Certificates.
5. Export the Trusted Certificate(s) from HP SIM:
There could be from 0 to 3 trusted certificates in the HP SIM Trusted Certificates.
a. In HP SIM browse to Options → Security → Credentials → Trusted Systems and click the
Trusted Certificates tab. Look at the Issued To and Issued By fields in the HP SIM Trusted
Certificates.
b. Look for the certificate that issued the Server Certificate and export it as
<certificate-name>.cer.
c. Export the trusted certificate to the folder you created earlier.
d. Determine if the trusted certificate just exported was signed by another certificate authority. If yes,
export it also.
e. Repeat the procedure until you get to a certificate for which the Issued To and Issued By columns
contain the same certificate name.
Most often there is one Server Certificate and one Trusted Certificate.
6. Clear the old HP SIM certificate from the WEBES database with the following command:
desta cert –clear –alias <alias>
This will ensure that a new certificate is imported into WEBES.
7. Import the saved trusted certificate(s). The trusted certificate(s) must be imported before the server
certificate:
a. Open a command prompt and connect to the folder where the certificates were saved.
b. Execute command: desta cert –trustfile <trusted-certificate.cer>
Where <trusted-certificate.cer> is the file saved above.
8. Import the saved server certificate with the following command:
desta cert –trustfile <server-certificate.cer> -alias hpsim-<name of
certificate in fqdn format>.
9. Display a list of WEBES certificates with the command desta cert -list to view a list of the
certificates WEBES has stored. You should see the certificates that were just imported. If they look
correct, start DESTA. Communication with HP SIM should be established shortly.
A.4.3 If the Server Certificate is Not the Default and There Are No Trusted Certificates
The situation may occur where the server certificate was modified but there are no certificates in the HP SIM
trusted certificates.
A.4.3.1 Server Certificate is a Self-Signed Certificate
In one case the Server Certificate is self-signed. The certificate is issued by itself and is not contained in the
output of desta cert –list.
To resolve this issue, export the certificate from the HP SIM Server Certificates display and export it into
DESTA.
A.4.3.2 Server Certificate is Issued By a Certificate Not in HP SIM Trusted Certificates
Sometimes the server certificate is issued by another certificate but that certificate is not in the HP SIM Trusted
Certificates. When this occurs you need to look for the certificate in Internet Explorer, export it, and import
in to WEBES prior to importing the HP SIM server certificate.
1. The HP SIM server certificate indicates it is trusted by a certificate, for example: ABC Certificate
Authority.
2. In an IE window navigate to Tools → Internet Options → Content → Certificates → Intermediate
Certification Authorities.
A.4 Importing Certificates into WEBES 45