Neoview User Management and Security Administration Guide (R2.5)
1. Use the NCI create csr command or the Generate CSR tab on the HPDM CA Certificate
screen to create a Certificate Signing Request (CSR).
Table 2-8 CSR Creation Attributes
CommentRangeInitial Value
Field Name
(HPDM)
Parameter Name
(NCI)
Specifies the
unqualified DNS name
of the primary segment
DNS nameNAImplicit: the
system to which
you are currently
connected
SYSTEM_NAME
Specifies the location
to which the certificate
signing request will be
downloaded to your
workstation.
Pathname
in NCI
file and
folder in
HPDM
NA“Save As” dialog
prompts for
target folder and
file name
CSR
Specifies the Subject
string to be inserted
into the certificate. In
NCI, you specify a text
string with commas
separating elements of
the DN. In HPDM,
enter the value of each
element in the
corresponding field.
Distinguished
name
O=Hewlett-Packard Company,
OU=Self-Signed,
CN=SYSTEM_NAME
Common Name,
Organization,
Organizational
Unit,
City/Locality,
State/Province,
Country/Region
SUBJECT
Specifies the size of the
encryption key
1024 or
2048
2048Key Size (bits)KEYSIZE
2. Submit the CSR to the CA for signing.
NOTE: If possible, use facilities provided by the CA to specify Subject Alternate Names
(SAN) for all segments, or at least for all secondary segments (e.g., NEO0102 to NEO0116).
This information will not be present in the original CSR but is required to prevent users of
the HPDM Event Viewer from seeing a pop-up with a message like this Security Alert:
If your CA does not allow you to specify SANs, define a procedure for your users to follow
if they encounter one of these unsettling messages; one approach is to instruct users to select
View Certificate and check the validity of the information displayed.
3. Receive the signed certificate from the CA. This is sometimes called the root certificate.
58 Post-installation Security Setup Tasks