Replicating trusted certificates – HP Systems Insight Manager User Manual
Page 162
Replicating trusted certificates
System administrators that have the HP Systems Insight Manager (HP SIM) Require or First Time Accept
features enabled can replicate the trusted certificates list to other HP SIM systems. If you do not use the
Require
or First Time Accept features of HP SIM for a two-way trust solution, this procedure is not necessary.
Migrating trusted system certificates from the Source CMS to the target CMS
Two options are available to migrate the trusted certificates from a source
(CMS)
to a target CMS. The first option can be used when the source CMS has many trusted certificates and the
second option can be used when a source CMS has a lower number of trusted certificates.
Migrating certificates when the source CMS has many trusted certificates
Warning: You will lose the existing SSL Server Key and certificate on the target CMS and must reestablish
the trust relationship with any agents configured to trust the target CMS. See
.
1.
Sign in to HP SIM on the source CMS system with administrative privileges.
2.
Go to
3.
Copy the files named hp.keystore and keyfile.3.
4.
Log in to the target CMS system with administrative privileges.
5.
Go to the
6.
Replace hp.keystore and keyfile.3 files with the files copied.
7.
On the target CMS system, select Start
→Settings→Control Panel→Administrative Tools→Services.
8.
Restart the HP SIM service.
Note: You might see a browser warning indicating the name in the certificate does not match the name
of the site. This result is expected because you are temporarily using the certificate from the source CMS,
but you can view the certificate displayed by the browser to ensure its authenticity before signing in.
9.
Sign in to HP SIM on the target CMS with administrative privileges. Select
Options
→Security→Certificates→Server Certificate.
10. Click New to create a new server certificate.
11. On the target CMS system, select Start
→Settings→Control Panel→Administrative Tools→Services.
12. Restart the HP SIM service.
13. Install the new server certificate to required managed systems using the Replicate Agent Settings feature.
For more information, see
“Using the Replicate Agent Settings feature”
.
Migrating certificates when the source CMS has a lower number of trusted certificates
1.
Log in to the source CMS system with administrative privileges.
2.
Select Options
→Security→Certificates→Trusted Certificate.
3.
Select a certificate, and click Export.
4.
Save the certificate locally.
5.
Repeat the steps 2 and 3 for all certificates listed on the Trusted System Certificates page.
6.
Copy all exported certificates to the target CMS system.
7.
Sign in to HP SIM on the target CMS with administrative privileges.
8.
Select Options
→Security→Certificates→Trusted Certificate.
9.
Click Import.
10. Click Browse, and select a certificate.
11. Click OK.
12. Repeat steps 9 through 11 for all certificates.
162 Networking and security