HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Re: Trust Madness Part 2 -- Duplicate Certs
Server Management - Systems Insight Manager
1833043
Members
2535
Online
110049
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-14-2005 10:44 PM
07-14-2005 10:44 PM
Trust Madness Part 2 -- Duplicate Certs
OK..fixed the problem where SIM was distributing the wrong cert.
Only a handful of our 400 servers are trusted however.
I picked 2 test servers. They each had 2 certificates for the hostname of the CMS/SIM server. SIM correctly pushed the new cert but did not remove the old one.
Once I removed the old certificte and rediscovered the system, the trust was present. I repeated this for the other node with the same results.
It appears that SIM will add certs but not take them away. Herein lies the problem. I need to find a way to remove the old cert on 400 servers -- so I can establish a trust with them -- or otherwise do it manually x400.
Please tell me there is a way to automate this. :^)
Thanks.
Only a handful of our 400 servers are trusted however.
I picked 2 test servers. They each had 2 certificates for the hostname of the CMS/SIM server. SIM correctly pushed the new cert but did not remove the old one.
Once I removed the old certificte and rediscovered the system, the trust was present. I repeated this for the other node with the same results.
It appears that SIM will add certs but not take them away. Herein lies the problem. I need to find a way to remove the old cert on 400 servers -- so I can establish a trust with them -- or otherwise do it manually x400.
Please tell me there is a way to automate this. :^)
Thanks.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-14-2005 11:45 PM
07-14-2005 11:45 PM
Re: Trust Madness Part 2 -- Duplicate Certs
Hi Kevin,
Since you have trusts established, did you try using "Configure->Replicate Agents Settings...", and choose a "source" server where there is only 1 certificate, and replicate the "Trusted Certificate" setting??
This procedure, replaces what you have on target server, insted of adding it.
I think the source server has to have similar Agent versions, than target server.
Hope this helps
Alfredo
Since you have trusts established, did you try using "Configure->Replicate Agents Settings...", and choose a "source" server where there is only 1 certificate, and replicate the "Trusted Certificate" setting??
This procedure, replaces what you have on target server, insted of adding it.
I think the source server has to have similar Agent versions, than target server.
Hope this helps
Alfredo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-14-2005 11:56 PM
07-14-2005 11:56 PM
Re: Trust Madness Part 2 -- Duplicate Certs
We already have a Replicate Agent settings task that distributes the new certificate (as well as settings) every day.
I can use the Configure and Repair agents to push the new certificate -- we've done this many times and it works too (well once you move your certs to C:\HP\SSLSHARE anyways).
Every server has the new cert, but it also has the old cert.
Removing the old cert will restore the trust, but I haven't been able to find any way to automate the removal of the old certs.
I can use the Configure and Repair agents to push the new certificate -- we've done this many times and it works too (well once you move your certs to C:\HP\SSLSHARE anyways).
Every server has the new cert, but it also has the old cert.
Removing the old cert will restore the trust, but I haven't been able to find any way to automate the removal of the old certs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2008 10:14 AM
12-04-2008 10:14 AM
Re: Trust Madness Part 2 -- Duplicate Certs
Kevin, did you ever find a way to remove the old certs?
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP