- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Re: Trusted External Certificate Import
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2010 12:19 PM
12-20-2010 12:19 PM
Trusted External Certificate Import
Is there a way to get HPSIM to generate a request for 2048.,
(NTFS) No Time For Stupidity
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2011 04:57 AM
08-12-2011 04:57 AM
Re: Trusted External Certificate Import
Hi,
I'm in front of the same problem. I would like to have an official certificate signed by a trusted CA, but for SAN (Subject Alternate Name) certificate they only accept at least 2048 bit certificate.
Is ther a way to create / replace the SIM certifcate by one of 2048 bit size?
Could we just replace the private key and it's certificate by one generated using openssl?
Thanks for any hint.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2011 07:41 PM
08-12-2011 07:41 PM
Re: Trusted External Certificate Import
Oddly enough this came up in conversation today between a couple of us who have been asked this very question. The 2048 bit CSR is coming, but isn't here today in SIM. I posed the question internally and if come up with a work around I'll pass it on if no one beats me to the punch and posts it here.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-26-2011 06:44 AM
08-26-2011 06:44 AM
Re: Trusted External Certificate Import
Does HP know what release of HPSIM that we will be able to produce a 2048 certificate request?
(NTFS) No Time For Stupidity
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-23-2011 07:58 AM
12-23-2011 07:58 AM
Re: Trusted External Certificate Import
Any word on when these will be supported?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-03-2012 02:22 AM
01-03-2012 02:22 AM
Re: Trusted External Certificate Import
i m sure next version which will be coming soon. 7.0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2012 11:08 PM - edited 02-09-2012 09:18 PM
01-27-2012 11:08 PM - edited 02-09-2012 09:18 PM
Re: Trusted External Certificate Import
Using HP SIM 6.3 with 2048 bit third party CA signed cert.
-1. optional - on Windows 2008r2 you might prefer not to reconfigure java Connector port 280 to port 80, Windows 2008r2 supports WinRM - remote management - which also runs over port 80, IIS has special code to support dual purposing the use of port 80 for an application and the WinRM service. But you can install the URL Rewrite module in IIS and add a rule to redirect connections to the Default website automatically to the java Connector port 443 - Another gotcha is the 50000 connector port has challenging syntax which doesn't process a non-slashed URL properly change it to the traditional ></Connector> format and everything will be fine.
0. optional - change URL port to https default port
edit C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\jboss-web.deployer\server.xml change two instances of 50000 to 443
1. get <current password> for private key and keystore from C:\Program Files\HP\Systems Insight Manager\jboss\server\hpsim\deploy\jboss-web.deployer\server.xml search for "keystorePass="
2. create a 2048 bit private keypair and keystore
cd C:\Program Files\HP\Systems Insight Manager\j2re\bin
keytool -genkey -keyalg RSA -keysize 2048 -keypass <current password> -validity 1000 -alias tomcat -keystore hp.keystore
Enter keystore password: <current password>
Re-ener new password: <current password>
First and last name: hpsim.domain.com
Name of Organization Unit: department
Name of Organization: company
Name of City or Locale: city
Name of State or Province: state
Two letter Country Code: us
3. create a signing request
cd C:\Program Files\HP\Systems Insight Manager\j2re\bin
keytool -certreq -alias tomcat -keyalg RSA -keystore hp.keystore -file hpsim.csr
4. get request signed
5. import the CA root and intermediate and signed cert into hp.keystore - portcle is a really nice opensource GUI tool for managing keystores
6. rename old keystore
cd C:\Program Files\HP\Systems Insight Manager\config\certstor
ren hp.keystore old.hp.keystore
7. install new keystore
copy C:\Program Files\HP\Systems Insight Manager\j2re\bin\hp.keystore
C:\Program Files\HP\Systems Insight Manager\config\certstor\hp.keystore
8. synchronize certs
cd C:\Program Files\HP\Systems Insight Manager\bin
mxcert -s
9. restart hp sim
C:\Program Files\HP\Systems Insight Manager\bin>sc stop "HP Systems Insight Manager"
wait about 2 minutes
C:\Program Files\HP\Systems Insight Manager\bin>sc start "HP Systems Insight Manager"
wait about 2 minutes
verify with log file C:\Program Files\HP\Systems Insight Manager\logs\mxdomainmgr.0
Look at the bottom of the file for:
28 Jan 00:43:46,230 INFO [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)] Started in 58s:812ms
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-25-2016 06:21 AM
03-25-2016 06:21 AM
Re: Trusted External Certificate Import
Great manual..
I was successfull only by doing steps 3-5 right in Portecle.app.
Steps 2,6,7 aren't required if you work directly with existing keystore:
C:\Program Files\HP\Systems Insight Manager\config\certstor\hp.keystore