Generate a certificate signing request (csr) – HP Neoview Release 2.5 Software User Manual
Page 127
NOTE:
If possible, use facilities provided by the CA to specify Subject Alternate Names
(SANs) for all segments, or at least for all secondary segments (for example, NEO0102 to
NEO0116). This information will not be present in the original CSR but is required to enable
use of the event viewer without displaying warnings.
If your CA does not allow you to specify SANs, define a procedure for your users to follow
if they encounter browser security messages. One approach is to instruct users to view the
certificate, if possible, to check the vailidity of the displayed information.
3.
Receive the signed certificate from the CA. This is sometiems called the root certificate.
4.
Obtain the certificate of the CA that signed the certificate. This is sometimes called the
intermediate certificate and is the one downloaded to each workstation for use in encrypting
the password. In most cases, you can get the intermediate certificate from the CA, but if not,
you can obtain it from your browser. The precise means of doing so varies with the browser
and browser version, but be sure to export the intermediate certificate in Base-64 encoded
X.509 (.CER) format.
5.
If automatic download is not enabled by your security policy, distribute the new intermediate
certificate to client workstations that will connect to the Neoview platform. To understand
where a new CA certificate must be installed, see the Neoview User Management and Security
Administration Guide.
6.
Use the Deploy CA Signed Certificate tab on the HPDM CA Certificate screen to install
the new certificates on the Neoview platform.
If the Auto Download Certificate option is disabled, you must install the new certificate on
client workstations before installing it on the Neoview platform. Otherwise, connection attempts
from those workstations will fail.
Related topics
“Generate a Certificate Signing Request (CSR)” (page 127)
“Install Root and Intermediate Certificates on the Neoview Platform” (page 128)
“Display Security Policies” (page 117)
“About the Auto Download Certificate Option” (page 129)
Generate a Certificate Signing Request (CSR)
To use this procedure, you must be logged on as a user in the role of ROLE.SECMGR.
This procedure generates a certificate signing request (CSR) and allows you to save the CSR to
a folder on the workstation. You may then submit the CSR to the certificate authority for signing,
as described in
“Obtain and Install a CA Certificate and Private Key” (page 126)
Use these steps:
1.
Log on as a user belonging to ROLE.SECMGR. For more information about logging on, see
“Connect to a System” (page 25)
.
2.
Select the Security area. For more information about areas, see
3.
In the navigation tree pane, under the connected system, expand the Credentials folder,
and click the CA Signed Certificate folder.
4.
In the right pane, click the Generate CSR tab.
5.
Fill in the fields in the tab. For more information, see
“Use the Generate CSR Tab” (page 128)
.
6.
Click [ Generate ] to generate the certificate signature request. The Save As dialog box
appears.
7.
Select a folder and specify a file name.
8.
Click [ Save ] to save the certificate and send the CSR to the Certificate Authority.
Related Topics
“Use the Generate CSR Tab” (page 128)
Generate a Certificate Signing Request (CSR)
127