Other problems, 7 other problems – HP Systems Insight Manager User Manual
Page 81
This configuration leaves the default SP2 security enhancements intact, but allows traffic over
the ports previously indicated. These ports are required for HP SIM and Version Control
Repository Manager to run. Ports 2301 and 2381 are required for the Version Control
Repository Manager and ports 280 and 50000 are required by HP SIM. The secure and
insecure ports must be added for each product to enable communication with the applications.
13.13.6.2
Why can't I import X.509 certificates directly into HP SMH?
HP SMH generates Certificate Request in Base64-encoded PKCS #10 format. This certificate
request should be supplied to the certificate authority. Most CAs return Base64-encoded PKCS
#7 certificate data that you can import directly into HP SMH by selecting Settings
→HP
System Management Homepage
→Security→Local Server Certificate.
If the CA returns the certificate data in X.509 format, rename the X.509 certificate file as
cert.pem
and place it into the \hp\sslshare directory. When HP SMH is restarted, this
certificate is used.
13.13.6.3
Why is my PKCS #7 cert data not accepted?
When using a Mozilla browser, there can be problems when cutting and pasting cert request
and reply data using Notepad or other editors. To avoid these problems, use Mozilla to open
certificate reply files from your CA. Use the Select All, Cut, and Paste operations supplied by
Mozilla when working with certificates.
13.13.6.4
Why is my private key file not protected by the file system?
If you are using Windows operating systems, you must have the system drive in NTFS format
for the private key file to be protected by the file system.
13.13.6.5
Why do I get errors when I paste my customer-generated certificate PKCS #7 data into the HP
SIM Certificate Data field in Settings
→HP SMH→Security→Trusted Management Servers?
The customer-generated certificate PKCS #7 data is not relevant to the date given in the Trusted
Management Servers
field. The PKCS #7 data should be imported into the Customer Generated
Certificates Import PKCS #7 Data field under Settings
→HP SMH→Security→Local Server
Certificate
. The HP Systems Insight Manager Certificate Data field is used to trust HP SIM
servers with HP SMH.
13.13.6.6
Why can't I use a Windows 2003 CA to grant my third-party certificate into HP SMH?
To use a Windows 2003 CA to create a certificate for HP SMH:
1.
Create the PKCS #10 data packet by clicking Settings
→HP SMH→Security→Local
Server Certificate
page.
2.
Press the Ctrl+ C keys to copy the data into a buffer.
3.
Navigate to http://W2003CA/certsrv where W2003CA is the name of your Windows
2003 certificate authority system and complete the following:
a.
Select Request a certificate.
b.
Select Advanced certificate request.
c.
Select Submit a certificate request by using a base.
d.
Press the Ctrl+ V keys to paste the PKCS #10 data into the field.
4.
From your Windows 2003 certificate authority system complete the following:
a.
Click Start
→All Programs→Administrative Tools→Certification Authority.
b.
Click CA (Local)
⇒ W2003CA/certsrv ⇒ where W2003CA is the name of your
Windows 2003 certificate authority system.
c.
Issue the pending request certificate.
5.
Navigate to http://W2003CA/certsrv, where W2003CA is the name of your Windows
2003 certificate authority system and complete the following:
a.
Select View the status of a pending certificate request.
b.
Select Base64-encoded and Download certificate (not certificate chain).
c.
The file download is certnew.cer.
d.
Rename certnew.cer to cert.pem.
13.7 Other Problems
13.13.7.1
I am having problems downgrading HP SMH from 3.x and above to 2.x.
81