HP Systems Insight Manager 5.2 Update 2 Technical Reference Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager for Linux

161

162

163

164

165

166

167

168

169

170

Creating a server certificate

Users with

administrative rights

can create a new

self-signed certificate

when they replace the HP Systems

Insight Manager (HP SIM)

Secure Sockets Layer

(SSL) server

certificate

and

private key

in the following

situations:

• The integrity of the HP SIM server certificate private key is compromised

• The existing HP SIM server certificate expires

This self-signed certificate is configured to expire 10 years from the date of creation.

Create a new self-signed certificate when you must replace the HP SIM SSL server certificate and private

key. The public key is included in the certificate that goes out to the client. The private key is kept secure in

the keystore database on the HP SIM server file system. The public and private key pair of the System

Management Homepage (residing on the same system) is overwritten with the new HP SIM public and private

key pair.

IMPORTANT: Replacing the SSL server certificate and private key invalidates the existing HP SIM server

certificate and the System Management Homepage certificate wherever they might be imported, such as

browsers and the Trusted Management Servers List in other System Management Homepages. Replace the

previous server certificate with the new server certificate in accordance with your security practices to return

to the same level of functionality you had before.

NOTE: On Windows and Linux, this process also affects the local System Management Homepage certificate

and private key on HP-UX systems, it affects the

Web-Based Enterprise Management

(WBEM) Services

certificate and private key.

NOTE: Valid characters for each of these fields are letters a through z (lowercase), A through Z (uppercase),

numbers 0 through 9, and the following special characters: ‘ ( ) + , - . / : ? space _ and ~. Each field must

contain at least one non-white space character.

To create a new certificate:

1. Select Options→Security→Certificates→Ser ver Certificates, and then click New. The New Server

Certificate section appears, and the fields are automatically populated with default values.

2. (Optional) Change the following fields:

Server certificates 169