HPE Community
Server Management - Systems Insight Manager
1837521 Members
3739 Online
110117 Solutions
New Discussion

Re: certificates/trust issues

 
joe scamardella
Occasional Contributor

‎04-05-2004 04:36 AM

‎04-05-2004 04:36 AM

certificates/trust issues

i have properly configured the HP servers to be managed by HP Systems Insight Manager with the Version Control Agent (matching password with Insight Manager server, importation of Insight Manager server certificate.) However, i cannot get rid of the "i" under 'SW", the default message is that a proper trust relationship does not exist (although VCRM trust is set up successfully on managed servers). Question: do signed certificates from the HP servers to be managed need to be imported into the trusted certificates list in the HP Systems Insight Manager? If so how do i do create and import certificates? I've gone through the online manual but the info is vague. all managed servers are running Win2k, Insight Manager server running Server 2003 . Thanks!
0 Kudos
Reply
6 REPLIES 6
Pat Wilson
Valued Contributor

‎04-05-2004 05:49 AM

‎04-05-2004 05:49 AM

Re: certificates/trust issues

The VCAgent doesn't use certificates. You must enter a username and password for the VCAgent to use to retrieve the software status information from the Version Control Repository Manager (VCRM).

Go to the Version Control Agent on the client, and click either the options tab (VCAgent ver 1), or the 'Change Agent Settings' hot area on the left panel (ver 2). Enter the name of your VCRM server, change the name to administrator, and enter the administrator password for the web agent. You are then prompted to select the Reference Support pack which the agent will use to determine if the software is up-to-date.

After the next software status polling cycle, the SW column will be updated with the newly reported status.
0 Kudos
Reply
joe scamardella
Occasional Contributor

‎04-05-2004 06:26 AM

‎04-05-2004 06:26 AM

Re: certificates/trust issues

thank you for the info; i've tried that (and just retried it as well) but still same problem occurs. I *do* have a correct admin login and setup of the VCRM since i get a level of software (softpack) reporting when viewing the VCA of the client. I've also run the software polling status for an update, i still get the "i" under SW on the main "All Systems" reporting page. Under the All Systems page the default message is: " Version Control Agent Trust Relationship Problem -Be sure that a trust relationship exists between the HP Systems Insight Manager and Version Control Agent on the target system. so what trust problem exists if VCA doesn't use certificates and the fact that the client machine can see the VCRM? i only get accurate software polling when viewing the System Insight Management server itself but not the clients ...
0 Kudos
Reply
David Claypool
Honored Contributor

‎04-05-2004 09:01 AM

‎04-05-2004 09:01 AM

Re: certificates/trust issues

Think of a triangle, with the 3 points being hpSIM, VCRM and VCA.

VCRM has to have a trust relationship with hpSIM (meaning that the management HTTP server has to have a copy of the certificate hash that hpSIM will use to establish communications with the VCRM, or, alternatively if using trust by name, the name of the hpSIM server) so that the user browsing to VCRM can change its configuration and do things like create custom Support Packs. hpSIM also uses trust to retrieve the catalog from the VCRM so it can display the catalog to choose the right item when creating a software update or deployment task.

VCA has to trust hpSIM in the same way so that hpSIM can contact it to get software status information. Also, the actual process by which a software update is initiated is by hpSIM starting a secure transaction with VCA. Once told what to do, VCA contacts VCRM to retrieve the items from the catalog that hpSIM told it to get and install. VCA/VCRM don't have a formal 'trust' relationship; VCA needs to be able to log in to VCRM to download the items it needs.

0 Kudos
Reply
joe scamardella
Occasional Contributor

‎04-05-2004 09:28 AM

‎04-05-2004 09:28 AM

Re: certificates/trust issues

i just discovered that in order to get rid of the "i" under SW in System Status and get a "green check mark" i had to import an SSL certificate from the client by adding this client server certificate into the Systems Insight Manager list of Trusted Certificates.

I was able to import this client certificate from within a list of certificates in Internet Explorer browser of the Systems Insight Manager Server itself. however, not all clients have browser SSL certificates added to this list in Systems Insight Manager server browser.

so my question becomes how do i generate SSL certificates on clients that can then be imported into Systems Insight Manager server list of trusted certificates? clients are running Win2k server and advanced server.

0 Kudos
Reply
Raymon_1
Frequent Advisor

‎04-12-2004 08:58 PM

‎04-12-2004 08:58 PM

Re: certificates/trust issues

The thing i did, was importing the certificate from the management server to the managament agent bij request from the agent. Under Trusted certificates i found this:

Insight Manager 7 certificates can also be retrieved through HTTP requests. To retrieve the public certificate, enter the server name in the text box below and press the 'Get Cert' button.

Insight Manager 7 Server Name:

Now i did this for most of the machines, but get an error on the machines behind a cicso pix (firewall), So what ports do ik need to have openend ? 2301 and 2381 are open so is snmp and snmp trap, What else do i need ?



0 Kudos
Reply
jim goodman
Trusted Contributor

‎04-13-2004 11:22 AM

‎04-13-2004 11:22 AM

Re: certificates/trust issues

Raymon that is my answer as well - definitely the simplest I have found yet for setting certs.

The ports to consider are the HHTPS port 5989, Web Agent port 2381 and SSH for DTF port 22.

- Jim
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.