HP Systems Insight Manager 7.2 Technical Reference Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager 5.x Windows Software

241

242

243

244

245

246

247

248

249

250

Importing a server certificate

Import a CA-signed server certificate to replace the existing server certificate in the following

situations:

• You have installed HP SIM and want to replace the default self-signed certificate with a

certificate created by a third-party CA or your own internal CA.

• The integrity of the HP SIM server certificate private key is compromised.

• The existing HP SIM server certificate has expired.

CAUTION: Replacing the SSL server certificate and private key invalidates the existing server

certificate wherever it might be imported, such as browsers and the Trusted Management Servers

Lists of managed systems. Replace the previous server certificate with the new server certificate in

accordance with your security practices to return to the same level of functionality you had before.

NOTE: On Windows and Linux, this process also affects the local System Management Homepage

certificate and private key on HP-UX systems, it affects the WBEM Services certificate and private

key.

Procedure 93 Importing a server certificate

1. Create a CSR. See Creating a certificate signing request for additional information. The CSR

uses parameters from the existing certificate, including any alternative names. If you want to

change those parameters, edit the server certificate (see Editing a server certificate) or create

a new server certificate (see Creating a server certificate).

2. Submit the request to a CA. See Submitting a certificate signing request for more information.

The CA returns a signed certificate.

3. Import the signed certificate reply into HP SIM. See Importing a CA-signed certificate for more

information.

Security related information

Exporting a server certificate

Export the HP SIM server certificate to a file to facilitate deployment of the certificate into your

browser, enabling the browser to properly identify the HP SIM server. This certificate is a public

document, so it does not need to be kept private. However, because the certificate is kept publicly

accessible, you must ensure that it cannot be modified.

Only HP SIM users with administrative rights can export the HP SIM system certificate from HP

SIM.

NOTE: The system certificate can be exported as a Base64 encoded certificate. The exported

certificate can be imported into a browser or a system's or the Trusted Management Systems List.

Procedure 94 Exporting the system certificate from HP SIM using Microsoft Internet Explorer

1. Select the location for the file to be saved.

2. Enter a file name and click Save to save the certificate as a Base64-encoded X.509 certificate.

This file can be imported into a browser or managed system for authentication of the CMS

during a SSL connection. You can click Cancel to cancel the save operation and return to the

System Certificate page.

Procedure 95 Exporting the system certificate from HP SIM using Mozilla

1. Display the certificate in a new browser window.

2. Select the entire contents of the browser window that includes the certificate.

3. Copy the selected text to the clipboard.

4. Paste the text into a text editor, and save the file with a .CER file extension.

Security 243