HP Systems Insight Manager 5.2 Update 2 Technical Reference Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager for Linux

171

172

173

174

175

176

177

178

179

180

Synchronizing certificates

When the HP Systems Insight Manager (HP SIM) server certificate is created or modified, the public and

private

certificate key

-pair of the System Management Homepage certificate is overwritten with the HP SIM

public and private key-pair.

NOTE: This feature is available in the unlikely event that the certificates become unsynchronized for an

unknown reason.

NOTE: For the certificate sharing feature to work in HP-UX, OpenSSL must be installed in the

/OPT/APACHE/SSL/BIN/ directory (default for HP-UX installations). For the certificate sharing feature to

work in Linux, OpenSSL must be installed in the /USR/BIN/ directory (default for Linux installations).

Related procedures

• Creating a server certificate

• Exporting a server certificate

• Importing a server certificate

• Editing a server certificate

Related topics

• Server certificates

• Networking and security

• Replicating trusted certificates

• Installing OpenSSH

• Managing SSH keys

Replicating trusted certificates

System administrators that have the HP Systems Insight Manager (HP SIM) Require or First Time Accept

features enabled can replicate the trusted certificates list to other HP SIM systems. If you do not use the

Require or First Time Accept features of HP SIM as a two-way trust solution, this procedure is not necessary.

Migrating trusted system certificates from the Source

Central Management Server

(CMS) to the

target CMS

Two options are available to migrate the trusted certificates from a source CMS to a target CMS. The first

option can be used when the source CMS has many trusted certificates and the second option can be used

when a source CMS has fewer of trusted certificates.

Migrating certificates when the source CMS has many trusted certificates

WARNING! When migrating certificates, you lose the existing SSL Server Key and certificate on the target

CMS and must reestablish the trust relationship with any agents configured to trust the target CMS. See Step

13.

To migrate a trusted certificate from a source to a target CMS with many trusted certificates:

1. Sign-in with administrative rights HP SIM on the source CMS system.

2. Go to <HPSIM Install folder>\Systems Insight Manager\config\certstor.

3. Copy the files named hp.keystore and keyfile.3.

4. Log in with administrative privileges to the target CMS system.

5. Go to the <HPSIM Install folder>\Systems Insight Manager\config\certstor directory.

6. Replace the hp.keystore and keyfile.3 files with the files copied in step 3.

7. On the target CMS system, select Start→Settings→Control Panel→Administrative Tools→Services.

8. Restart the HP SIM service.

Note: You might see a browser warning indicating that the name in the certificate does not match the

name of the site. This result is expected because you are temporarily using the certificate from the source

Server certificates 175