HPE Community
Server Management - Systems Insight Manager
1833875 Members
1768 Online
110063 Solutions
New Discussion

Trusted Certificates

 
SOLVED
Go to solution
Francis Frisina
Advisor

‎11-09-2004 07:51 AM

‎11-09-2004 07:51 AM

Trusted Certificates

Hello all:

My question today involves Trusted Certificates. It is my understanding that I can use a Trusted Certificate in place of the "Trust All" or "Trust by Name" options in the trust section of the system management options. I would like to do this at my company, as I feel it would increase security - in addition to lock out other HP SIM installations that float around our corporate network.

I have to say, though, that I am considerably confused about the process of generating, exporting, and importing these certificates.

I am looking on page 379 of the System book for HP SIM, but I have not found any instructions that I can easily follow on how to set up the relationship using a Trusted Certificate.

Does one have to use a CA? And, if so, is this CA some entity that I would have to contact outside of my organization?

The only place I can find that generates key data is the PKCS#10 generator, and I am not sure if this is what I have to use - nor am I sure what to do after I generate data with this tool.

Any help at all would be appreciated, as usual.

Thanks, and happy Tuesday!
0 Kudos
6 REPLIES 6
Rob Buxton
Honored Contributor

‎11-09-2004 08:23 AM

‎11-09-2004 08:23 AM

Solution

Re: Trusted Certificates

It is a very simple process and doesn't involve obtaining additional certificates.

From the Agent Seetings Options screen, change the Trust Level and then a bit further the down same screen enter the name of the HPSIM Server into the Insight Manager 7 Server Name: box and "Get Cert" the Certificate. The HPSIM Server will then be listed in the Trusted Certificates List on the same screen.

The other thing you will want to do if you use the VCRM is to configure the Agent. Here you will need to export the Certificate, generally this produces a Server.cer file (or something similar) which you can open in Wordpad. Just cut 'n' paste that into the Agent Configuration screen. This ensures that when you push out those agents to a Server all of the Trust details are already set up.
0 Kudos
Francis Frisina
Advisor

‎11-09-2004 08:46 AM

‎11-09-2004 08:46 AM

Re: Trusted Certificates

Excellent reply.

Thank you very much! I am now using certificates on some of my systems, and it was a very painless process.

10 points awarded.
0 Kudos
Francis Frisina
Advisor

‎11-10-2004 01:02 AM

‎11-10-2004 01:02 AM

Re: Trusted Certificates

I'm not quite following what you are saying in the second part of your message.

I do use the VCRM, and I have my agents configured, but I'm not seeing where I would make any settings in the agents that deal with certificates.

Shed any light?
0 Kudos
Aravindh Rajaram
Honored Contributor

‎11-10-2004 02:02 AM

‎11-10-2004 02:02 AM

Re: Trusted Certificates

On the Agents (https:\\:2381) page click on the "Settings" Tab and in that page you click on the "Options" link. On the page that comes up scroll down till the end and you'll find "Trust mode". Here either you can set "Trust All" or "Trust by name" or "Trust by certificate". If you opt for "Trust by certificate" then you'll have import the certificate of the CMS. Importing the certificates can be done from the same page by giving the CMS name or ip address and then by clicking "Get Cert".
0 Kudos
Rob Buxton
Honored Contributor

‎11-10-2004 04:01 AM

‎11-10-2004 04:01 AM

Re: Trusted Certificates

From the VCRM, go to Catalog, click on the Configure a Component. Select the Insight Manager Agents. On the screen presented you can set passwords. Below that is the Select Trust Mode drop down box and below that the space where the Certifcate can be pasted.
0 Kudos
Francis Frisina
Advisor

‎11-10-2004 05:07 AM

‎11-10-2004 05:07 AM

Re: Trusted Certificates

The replies in this thread have answered my questions. Thanks!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.