06-18-2006 11:18 PM
Importing CA signed certificates - HP SIM SSL
We would like to import an existing private key/certificate pair into SIM, signed by an external CA. However, there does not seem to be any way to do this in the interface.
All the documentation expects you to have generated the private key on the server itself, and then be trying to import a matching certificate. In our case, because we have a wildcard certificate, we need to import the private key as well.
Does anyone know how we might do this?
After digging around a bit, it looks as if the server certificate and private key are stored in config/certstor, in the hp.keystore file. As far as I can tell the keyfile.3 file contains an encoded/encrypted password, which allows the HP SIM software to use the keystore.
I can create a keystore of my own containing our certificate, private key and CA intermediate certs, but I have no idea what to set the password to so that the SIM software can use it.
Does anybody have any idea how I can get this certificate imported in one way or another?
Thanks,
Dave
06-19-2006 09:38 AM
Re: Importing CA signed certificates - HP SIM SSL
Dave,
Did you look at this document here:
http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim_5_Security.pdf
It has a section called "How To: lockdown versus ease of use" then in that section is a subsection labeled "strong". Is this not the information you are looking for?
-Rich
Why does my tivo keep recording Nickelodeon?
06-20-2006 10:10 PM
Re: Importing CA signed certificates - HP SIM SSL
Thanks Rich,
Unfortunately, that procedure still relies on us generating a CSR from the SIM interface, then taking that CSR to a CA and getting a certificate issued, which can then be imported in. Generating the CSR creates a private key, which must match with the public key on the imported certificate.
Our certificate already exists and so has its own private key, which will not match the one generated when the CSR is requested. There is no option to import a private key in the interface, and it won't let us import a certificate which doesn't match the previously generated private key.
Anyway, we did manage to find a way of getting the certificate imported, by replacing the hp.keystore file with one we'd generated ourselves. We found that the password used to access the keystore was stored in the server.xml file of the SIM application install (Can't remember the exact location). We were therefore able to generate our own keystore file with that password, containing our wildcard certificate (labelled as "tomcat" so the application knew to use it as the server certificate), its associated private key, and the Root and intermediate certificates required for the certification path.
The local server seemed quite happy running with this wildcard certificate, and because it has a proper certification path, no browser warnings were generated.
Unfortunately the fact that it was a wildcard certificate caused problems when trying to use it as a Trusted Management Server Certificate on one of our other servers. It imported okay, but when you try to click through to the System Management Homepage for that server from the HP-SIM main interface, it doesn't like it. We think it's trying to contact the server specified in the certificate, which it can't do because it's a *.cranfield.ac.uk wildcard and not a specific server.
Dave
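The keystore replacement described in the post above, as an added shell sketch (not from the original posts and not an HP procedure): it checks that the existing private key matches the certificate, bundles key, certificate and chain under the alias "tomcat", and converts the bundle to a Java keystore. The file names and the `KS_PASS` variable are placeholders, the PEM key is assumed to be unencrypted, and `keytool -importkeystore` assumes a JDK that provides that command.

```shell
#!/bin/sh
# Added example. KS_PASS must be exported and hold the keystore password the
# application is configured with; it is read from the environment so that it
# never appears on a command line.

# Succeeds only if the certificate carries the public key of this private key.
key_matches_cert() {   # usage: key_matches_cert KEY.pem CERT.pem
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Bundle key, server certificate and CA chain into PKCS#12, alias "tomcat".
build_p12() {          # usage: build_p12 KEY.pem CERT.pem CHAIN.pem OUT.p12
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
    ( umask 077        # the bundle contains the private key: owner-only
      openssl pkcs12 -export -name tomcat -inkey "$1" -in "$2" \
          -certfile "$3" -passout env:KS_PASS -out "$4" )
}

# Convert the bundle to a JKS keystore. The key entry keeps the PKCS#12
# password, so key password and store password are the same value.
p12_to_jks() {         # usage: p12_to_jks IN.p12 OUT.keystore
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -destkeystore "$2" -deststoretype JKS -deststorepass:env KS_PASS \
        -srcalias tomcat -destalias tomcat
}

# Runs only when called as: script KEY.pem CERT.pem CHAIN.pem OUT.keystore
if [ "$#" -eq 4 ]; then
    : "${KS_PASS:?export KS_PASS first}"
    build_p12 "$1" "$2" "$3" "$4.p12" && p12_to_jks "$4.p12" "$4"
fi
```

Keep a copy of the original keystore before swapping files, and delete the intermediate `.p12` once the new keystore is confirmed working.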