HPE Community
Server Management - Systems Insight Manager
1752798 Members
5978 Online
108789 Solutions
New Discussion

HP SIM update to 7.2 creates new SIM certificate?

 
SwisspostIT
Valued Contributor

‎06-03-2013 11:02 PM

‎06-03-2013 11:02 PM

HP SIM update to 7.2 creates new SIM certificate?

Hi everyone,

 

is it normal that if you upgrade the HP SIM from 7.1 to 7.2 that it creates a new certificate?

I always thought that an upgrade of HP SIM should keep the same old certificate, so that we don't have to redistribute a new certificate on all 1000+ managed systems??

 

Thanks and regards,

Ville

0 Kudos
Reply
5 REPLIES 5
SwisspostIT
Valued Contributor

‎06-04-2013 12:58 AM

‎06-04-2013 12:58 AM

Re: HP SIM update to 7.2 creates new SIM certificate?

I just found following statement in the "HP SIM 7.2 Install and Configure guide":

 

NOTE:

All HP SIM certificates are restored/retained after the SIM upgrade process. The content

of the certificate files do not change during the upgrade process, thus retaining the previous IP

address and the host-name details of the system. HP SIM upgrade does not change any content

of the certificate files. So previous IP/host-name will be retained.

 

So it seems to me that something went wrong while updating...

 

Regards,

Ville

0 Kudos
Reply
LindsayHill
Honored Contributor

‎06-04-2013 05:47 PM

‎06-04-2013 05:47 PM

Re: HP SIM update to 7.2 creates new SIM certificate?

Yes, I just saw this same behaviour yesterday too. It is in part related to changes in key length used by SIM. The default is now to have 2048-bit main certificate used for the web login and WBEM. There's still the old 1024-bit cert used for SSO.

 

I'm seeing some pretty inconsisten behaviour with the certificates, SSO and WBEM. It's a bit of a mess.

__
@northlandboy
Reply
SwisspostIT
Valued Contributor

‎06-05-2013 12:06 AM

‎06-05-2013 12:06 AM

Re: HP SIM update to 7.2 creates new SIM certificate?

Hi Lindsay,

 

Thanks for that input!

I have a case open at HP now and I'll have a VR session with L2 today.

Maybe they can help me to get back to the "old" cert or something like that...

 

Regards,

Ville

0 Kudos
Reply
LindsayHill
Honored Contributor

‎06-05-2013 01:20 PM

‎06-05-2013 01:20 PM

Re: HP SIM update to 7.2 creates new SIM certificate?

I've got copies of the old certs, but I'm not going to try and go back. Will probably break something else.
__
@northlandboy
0 Kudos
Reply
SwisspostIT
Valued Contributor

‎06-06-2013 01:02 AM

‎06-06-2013 01:02 AM

Re: HP SIM update to 7.2 creates new SIM certificate?

Hi Lindsay,

 

I had a VR Session with L2 yesterday.

It is normal, that after the update there is a new 2048 bit certificate listed under Security --> HP SIM Server certificate. But it still has the "old" 1024 bit certificate which it uses for SSO.

Here's a statement of the HP SIM 7.2 user guide (page 102):

 

For Single Sign-On operations, HP SIM uses SSO certificate only; this is the self-signed 1,024-bit

certificate. HP SIM does not support any other third party certificate or CA-signed certificate for

SSO.

NOTE:

Though the 2,048-bit certificate is suggested by HP SIM, since not all managed systems

support it, HP SIM uses 1024-bit certificate for SSO, especially considering backward compatability

and upgrades.

 

Discovery of a system with the "old" certificate still works and it seems that everything is working fine!

 

 

Regards,

Ville

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.