Manualshelf

HP System Management Homepage User Guide, May 2005

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU
11121314151617181920
After the Certificate Authority has returned PKCS #7 data, the final step is to import this into
the System Management Homepage.
After the PKCS #7 data data has been successfully imported, the original
\hp\sslshare\cert.pem certificate file for Windows, and the
/opt/hpsmh/sslshare/cert.pem file for HP-UX and Linux is overwritten with the system
certificate from that PKCS #7 data envelope. The same private key is used for the new imported
certificate as was used with the previous self-signed certificate. This private key is randomly
generated at startup when no key file exists.
To create a certificate:
1. Select Settings->System Management Homepage->Security.
2. Select Local Server Certificate.
3. Optionally, you can replace the default values in the Organization and/or Organizational
Unit fields with your own values up to a maximum of 64 characters.
4. Click Create PKCS #10 Data. A screen appears indicating that the PKCS #10 Certificate
Request data has been successfully generated and stored in
/opt/hpsmh/sslshare/req_cr.pem for HP-UX, /opt/hp/sslshare/req_cr.pem
for Linux, and c:\hp\sslshare\req_cr.pem for Windows.
5. Copy the certificate data.
6. Use a secure method to send PKCS #10 certificate request data to a Certificate Authority and
request the certificate request reply data in the form of PKCS #7 format. Request that the reply
data be in Base64 encoded format. If your organization has its own Public-key infrastructure
(PKI) or Certificate Server implemented, send the PKCS#10 data to the CA manager and
request the PKCS#7 reply data.
Note: A third-party certificate signer generally charges a fee.
7. When the certificate signer sends the PKCS#7 encoded certificate request reply data to you,
copy the data from the PKCS#7 certificate request reply and paste the copied data in the
PKCS#7 Data field. In this case, skip the next step.
8. Click Import PKCS #7 Data. A message appears indicating whether the customer-generated
certificate was successfully imported.
9. Restart the System Management Homepage.
10. Browse to the managed system that contains the imported certificate.
11. Select to view the certificate when prompted by the browser. Be sure the signer is listed as the
signer you used, and not HP, before importing the certificate into your browser.
Note: If the certificate signer of your choice sends you a certificate file in Base64 encoded
form instead of PKCS #7 data, copy the Base64 encoded certificate file to
/opt/hpsmh/sslshare/req_cr.pem for HP-UX, /opt/hp/sslshare/req_cr.pem
for Linux, and c:\hp\sslshare\req_cr.pem for Windows; then restart the System
Management Homepage.
19
The Settings Tab