Jump to content English
hp.com home
HP Systems Insight Manager  |  Administering the Software  |  Server Certificates  |  Creating a Server Certificate

Server Certificates
Creating a Server Certificate

» HP Systems Insight Manager

»Table of Contents
»Index
»Product Overview
»Getting Started
»Monitoring Systems, Events, and Clusters
»Using Tasks
»Using Default Tools
»Reporting
»Administering the Software
»Users and Authorizations
»Users
»Backing Up and Restoring the Database
»Toolboxes
»System Groups
»Authorizations
»Managed Systems
»Audit Log
»Clusters
»Events
»Networking and Security
»Server Certificates
»Exporting a Server Certificate
»Editing a Server Certificate
Creating a Server Certificate
»Importing a Server Certificate
»Creating a CSR
»Submitting a CSR
»Importing a CA-Signed Certificate
»Synchronizing Certificates
»Trusted Certificates
»Identification
»Filtering
»Discovery
»Status Polling
»Data Collection
»Protocols
»WMI Mapper Proxy
»Manage System Types
»Version Control Repository
»Troubleshooting
»Printable Version
»Glossary
»Using Help
Content starts here
» Related Procedures
» Related Topic

Users with full configuration rights can create a new self-signed certificate when they must replace the HP Systems Insight Manager Secure Sockets Layer (SSL) Server Certificate and Private Key under the following situations:

  • The integrity of the HP Systems Insight Manager Server Certificate Private Key is compromised

  • When the existing HP Systems Insight Manager Server Certificate expires

This self-signed certificate is configured to expire 10 years from its date of creation.

Create a new self-signed certificate when you must replace the HP Systems Insight Manager SSL Server Certificate and Private Key. The public key is included in the certificate that goes out to the client. The private key is kept secure in the Keystore Database on the HP Systems Insight Manager server file system. The Public and Private Key pair of the Management HTTP Server (residing on the same system) are overwritten with the new HP Systems Insight Manager Public and Private Key pair.

Replacing the SSL Server Certificate and Private Key invalidates the existing HP Systems Insight Manager Server Certificate and the Management HTTP Server Certificate wherever they might be imported, such as browsers and Trusted Certificate Lists in other Management HTTP Servers. Replace the previous server certificate with the new server certificate, in accordance with your security practices, to return to the same level of functionality you had before.

This process also replaces the local Management HTTP Server Certificate and Private Key and updates the certificate sharing directory with a new server certificate and private key.

Valid characters for each of these fields are a through z (lower case), A through Z (upper case), 0 through 9, and the following special characters: ‘, (, ), +, ,, -, ., /, :, ?, space, _, and ~. Each field must contain at least one non-whitespace character.

To create a new certificate:

  1. Select OptionsSecurityCertificatesServer Certificates, and then click [New] .

  2. The New Server Certificate section is displayed. The fields are automatically populated with default values. However, you can change the information:

    1. The Common Name (CN) field holds the parameter that the browser uses for name comparison when browsing to the central management server. This field can be updated with other name formats, such as fully-qualified names, and can contain up to 64 characters.

    2. In the Organization (O) field, enter the name of your organization. This field can contain up to 64 characters.

    3. In the Organizational Unit (OU) field, enter the name of your department. This field can contain up to 64 characters.

    4. In the Locality (L) field, enter the name of your city. This field can contain up to 128 characters.

    5. In the State (S) field, enter the name of your state. This field can contain up to 128 characters.

    6. In the Country (C) field, enter the name of your country. This field can contain up to two characters, using the two-letter country codes.

  3. After changes are made, click [OK]. If you click [Cancel], you are returned to the Server Certificate page without creating a new server certificate. A warning is displayed reminding you of the effects of changing the certificate and private key. If you click [OK] in the warning box to continue, a new 1024 bit key-pair and a new self-signed certificate are generated. The old key-pair and certificate are not retrievable unless a backup was created manually before this process.

  4. The new certificate and private key take effect the next time HP Systems Insight Manager is restarted. Reboot the HP Systems Insight Manager server to ensure the new certificate is properly synchronized with the local Management HTTP Server and any applications or components using the certificate sharing directory.

After creating a new server certificate, reboot the HP Systems Insight Manager server for the HP Systems Insight Manager server certificate to be synchronized with the HTTP Server Certificate. Synchronizing the certificates prevents repeated browser security alerts when browsing to HP Insight Management Agents on the HP Systems Insight Manager server.

Related Procedures

» Server Certificates - Exporting a Server Certificate
» Server Certificates - Importing a Server Certificate
» Server Certificates - Editing a Server Certificate
» Server Certificates - Synchronizing Certificates

Related Topic

» Administering the Software - Server Certificates