beautypg.com

Replicating trusted certificates – HP Systems Insight Manager User Manual

Page 162

background image

Replicating trusted certificates

System administrators that have the HP Systems Insight Manager (HP SIM) Require or First Time Accept
features enabled can replicate the trusted certificates list to other HP SIM systems. If you do not use the
Require

or First Time Accept features of HP SIM for a two-way trust solution, this procedure is not necessary.

Migrating trusted system certificates from the Source CMS to the target CMS

Two options are available to migrate the trusted certificates from a source

Central Management Server

(CMS)

to a target CMS. The first option can be used when the source CMS has many trusted certificates and the
second option can be used when a source CMS has a lower number of trusted certificates.

Migrating certificates when the source CMS has many trusted certificates

Warning: You will lose the existing SSL Server Key and certificate on the target CMS and must reestablish
the trust relationship with any agents configured to trust the target CMS. See

Step 13

.

1.

Sign in to HP SIM on the source CMS system with administrative privileges.

2.

Go to \Systems Insight Manager\config\certstor.

3.

Copy the files named hp.keystore and keyfile.3.

4.

Log in to the target CMS system with administrative privileges.

5.

Go to the \Systems Insight Manager\config\certstor directory.

6.

Replace hp.keystore and keyfile.3 files with the files copied.

7.

On the target CMS system, select Start

SettingsControl PanelAdministrative ToolsServices.

8.

Restart the HP SIM service.

Note: You might see a browser warning indicating the name in the certificate does not match the name
of the site. This result is expected because you are temporarily using the certificate from the source CMS,
but you can view the certificate displayed by the browser to ensure its authenticity before signing in.

9.

Sign in to HP SIM on the target CMS with administrative privileges. Select
Options

SecurityCertificatesServer Certificate.

10. Click New to create a new server certificate.
11. On the target CMS system, select Start

SettingsControl PanelAdministrative ToolsServices.

12. Restart the HP SIM service.
13. Install the new server certificate to required managed systems using the Replicate Agent Settings feature.

For more information, see

“Using the Replicate Agent Settings feature”

.

Migrating certificates when the source CMS has a lower number of trusted certificates

1.

Log in to the source CMS system with administrative privileges.

2.

Select Options

SecurityCertificatesTrusted Certificate.

3.

Select a certificate, and click Export.

4.

Save the certificate locally.

5.

Repeat the steps 2 and 3 for all certificates listed on the Trusted System Certificates page.

6.

Copy all exported certificates to the target CMS system.

7.

Sign in to HP SIM on the target CMS with administrative privileges.

8.

Select Options

SecurityCertificatesTrusted Certificate.

9.

Click Import.

10. Click Browse, and select a certificate.
11. Click OK.
12. Repeat steps 9 through 11 for all certificates.

162 Networking and security