topic Re: Trusted Certificates in Server Management - Systems Insight Manager

Trusted Certificates

Francis Frisina — Tue, 09 Nov 2004 15:51:08 GMT

Hello all:

My question today involves Trusted Certificates. It is my understanding that I can use a Trusted Certificate in place of the "Trust All" or "Trust by Name" options in the trust section of the system management options. I would like to do this at my company, as I feel it would increase security - in addition to lock out other HP SIM installations that float around our corporate network.

I have to say, though, that I am considerably confused about the process of generating, exporting, and importing these certificates.

I am looking on page 379 of the System book for HP SIM, but I have not found any instructions that I can easily follow on how to set up the relationship using a Trusted Certificate.

Does one have to use a CA? And, if so, is this CA some entity that I would have to contact outside of my organization?

The only place I can find that generates key data is the PKCS#10 generator, and I am not sure if this is what I have to use - nor am I sure what to do after I generate data with this tool.

Any help at all would be appreciated, as usual.

Thanks, and happy Tuesday!

Re: Trusted Certificates

Rob Buxton — Tue, 09 Nov 2004 16:23:41 GMT

It is a very simple process and doesn't involve obtaining additional certificates.

From the Agent Seetings Options screen, change the Trust Level and then a bit further the down same screen enter the name of the HPSIM Server into the Insight Manager 7 Server Name: box and "Get Cert" the Certificate. The HPSIM Server will then be listed in the Trusted Certificates List on the same screen.

The other thing you will want to do if you use the VCRM is to configure the Agent. Here you will need to export the Certificate, generally this produces a Server.cer file (or something similar) which you can open in Wordpad. Just cut 'n' paste that into the Agent Configuration screen. This ensures that when you push out those agents to a Server all of the Trust details are already set up.

Re: Trusted Certificates

Francis Frisina — Tue, 09 Nov 2004 16:46:53 GMT

Excellent reply.

Thank you very much! I am now using certificates on some of my systems, and it was a very painless process.

10 points awarded.

Re: Trusted Certificates

Francis Frisina — Wed, 10 Nov 2004 09:02:47 GMT

I'm not quite following what you are saying in the second part of your message.

I do use the VCRM, and I have my agents configured, but I'm not seeing where I would make any settings in the agents that deal with certificates.

Shed any light?

Re: Trusted Certificates

Aravindh Rajaram — Wed, 10 Nov 2004 10:02:28 GMT

On the Agents (https:\\:2381) page click on the "Settings" Tab and in that page you click on the "Options" link. On the page that comes up scroll down till the end and you'll find "Trust mode". Here either you can set "Trust All" or "Trust by name" or "Trust by certificate". If you opt for "Trust by certificate" then you'll have import the certificate of the CMS. Importing the certificates can be done from the same page by giving the CMS name or ip address and then by clicking "Get Cert".

Re: Trusted Certificates

Rob Buxton — Wed, 10 Nov 2004 12:01:28 GMT

From the VCRM, go to Catalog, click on the Configure a Component. Select the Insight Manager Agents. On the screen presented you can set passwords. Below that is the Select Trust Mode drop down box and below that the space where the Certifcate can be pasted.

Re: Trusted Certificates

Francis Frisina — Wed, 10 Nov 2004 13:07:42 GMT

The replies in this thread have answered my questions. Thanks!