HP Systems Insight Manager 5.3 Technical Reference Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager for HP-UX

171

172

173

174

175

176

177

178

179

180

• Installing OpenSSH

• Managing SSH keys

Replicating trusted certificates

System administrators that have the HP SIM Require or First Time Accept features enabled can replicate

the trusted certificates list to other HP SIM systems. If you do not use the Require or First Time Accept

features of HP SIM as a two-way trust solution, this procedure is not necessary.

Migrating trusted system certificates from the Source

CMS

to the target CMS

Two options are available to migrate the trusted certificates from a source CMS to a target CMS. The first

option can be used when the source CMS has many trusted certificates and the second option can be used

when a source CMS has fewer of trusted certificates.

Migrating certificates when the source CMS has many trusted certificates

WARNING! When migrating certificates, you lose the existing SSL Server Key and certificate on the target

CMS and must reestablish the trust relationship with any agents configured to trust the target CMS. See Step

13.

To migrate a trusted certificate from a source to a target CMS with many trusted certificates:

1. Log in with administrative rights HP SIM on the source CMS system.

2. Go to <HPSIM Install folder>\Systems Insight Manager\config\certstor.

3. Copy the files named hp.keystore and keyfile.3.

4. Log in with administrative privileges to the target CMS system.

5. Go to the <HPSIM Install folder>\Systems Insight Manager\config\certstor directory.

6. Replace the hp.keystore and keyfile.3 files with the files copied in step 3.

7. On the target CMS system, select Start→Settings→Control Panel→Administrative Tools→Services.

8. Restart the HP SIM service.

Note: You might see a browser warning indicating that the name in the certificate does not match the

name of the site. This result is expected because you are temporarily using the certificate from the source

CMS, but you can view the certificate displayed by the browser to ensure its authenticity before signing

in.

9. Sign in with administrative rights to HP SIM on the target CMS. Select Options→Security→HP Systems

Insight Manager Server Certificate.

10. To create a new server certificate, click New.

11. On the target CMS system, select Start→Settings→Control Panel→Administrative Tools→Services.

12. Restart the HP SIM service.

13. Install the new server certificate on the required managed systems using the Replicate Agent Settings

feature. For more information, see “Using the Replicate Agent Settings feature”.

Migrating certificates when the source CMS has a lower number of trusted certificates

1. Log in to the source CMS system with administrative privileges.

2. Select Options→Security→Credentials→Trust Relationships.

3. Select a certificate, and then click Export.

4. Save the certificate locally.

5. Repeat steps 2 and 3 for all certificates listed on the Trusted System Certificates page.

6. Copy all exported certificates to the target CMS system.

7. Sign in with administrative rights to HP SIM on the target CMS.

8. Select Options→Security→Credentials→Trust Relationships

9. Click Import.

10. Click Browse, and then select a certificate.

11. Click OK.

12. Repeat steps 9 through 11 for all certificates.

178 Networking and security