HP SIM V5.1 User Guide (356920-009, January 2007)
• Creating a server certificate
• Importing a server certificate
• Synchronizing certificates
• Creating a certificate signing request
• Submitting a certificate signing request
• Importing a CA-signed certificate
Related topics
• Networking and security
• Replicating trusted certificates
• Possible certificate errors
• Installing OpenSSH
• Managing SSH keys
Creating a server certificate
Users with
full configuration rights
can create a new
self-signed certificate
when they must replace the HP
Systems Insight Manager (HP SIM)
Secure Sockets Layer
(SSL) server
certificate
and
private key
under the
following situations:
• The integrity of the HP SIM server certificate private key is compromised.
• The existing HP SIM server certificate expires.
This self-signed certificate is configured to expire 10 years from its date of creation.
Create a new self-signed certificate when you must replace the HP SIM SSL server certificate and private
key. The public key is included in the certificate that goes out to the client. The private key is kept secure in
the keystore database on the HP SIM server file system. The public and private key pair of the System
Management Homepage (residing on the same system) is overwritten with the new HP SIM public and private
key pair.
IMPORTANT: Replacing the SSL server certificate and private key invalidates the existing HP SIM server
certificate and the System Management Homepage certificate wherever they might be imported, such as
browsers and Trusted Management Servers List in other System Management Homepages. Replace the
previous server certificate with the new server certificate, in accordance with your security practices, to return
to the same level of functionality you had before.
NOTE: On Windows and Linux, this process will also affect the local System Management Homepage
certificate and private key. On HP-UX systems, it will affect the WBEM Services certificate and private key.
NOTE: Valid characters for each of these fields are a through z (lowercase), A through Z (uppercase), 0
through 9, and the following special characters: ‘ ( ) + , - . / : ? space _ and ~. Each field must contain at
least one non-white space character.
To create a new certificate:
1. Select Options→Security→Certificates→Server Certificates, and then click New. The New Server
Certificate section appears, and the fields are automatically populated with default values.
2. (Optional) Change the following fields:
a. The Common Name (CN) field holds the parameter that the browser uses for name comparison
when browsing to the Central Management Server (CMS). This field can be updated with other
name formats, such as fully qualified names and can contain up to 255 characters.
b. In the Organization (O) field, enter the name of your organization. This field can contain up to
64 characters.
c. In the Organizational Unit (OU) field, enter the name of your department. This field can contain
up to 64 characters.
d. In the Locality (L) field, enter the name of your city. This field can contain up to 128 characters.
156 Networking and security