The Local Server Certificate link enables you to use certificates that are not generated by HP.
If you use the following process, the self-signed certificate that was generated by the HP SMH is replaced with one issued by a certificate authority (CA).
The first step of the process is to cause the HP SMH to create a Certificate Request (PKCS #10). This request uses the original private key associated with the self-signed certificate and generates data for the certificate request. The private key never leaves the server during this process.
After the Public Key Infrastructure PKCS #10 data is created, the next step is to send it to a certificate authority. Follow your company policies for sending secure requests for and receiving secure certificates.
After the certificate authority returns the PKCS #7 data, the final step is to import this into HP SMH.
After the PKCS #7 data is imported, the original certificate file, \hp\sslshare\cert.pem for Windows and /opt/hp/sslshare/cert.pem (/etc/opt/hp/sslshare/cert.pem in HP SMH 2.1.3 and later on Linux x86 and x86-64), is overwritten with the system certificate from the PKCS #7 data envelope. The new imported certificate uses the same private key as the previous self-signed certificate. This private key is randomly generated at startup when no key file exists.
Select Settings from the menu.
In the System Management Homepage box, click the Security link.
Click the Local Server Certificate link.
Replace the default values in the Organization or Organizational Unit fields in the Create PKCS #10 Data box with your values, up to 64 characters. If not specified, they are filled in with Hewlett-Packard Company for the Organization and Hewlett-Packard Network Management Software (SMH) for the Organizational Unit.
Click Create in the Create PKCS #10 Data box.
A screen appears indicating that the PKCS #10 Certificate Request data has been generated and stored in /etc/opt/hp/sslshare/req_cr.pem on Linux x86 and x64, and systemdrive:\hp\sslshare\req_cr.pem for Windows.
Copy the certificate data.
Use a secure method to send PKCS #10 certificate request data to a certificate authority, request the certificate request reply data in PKCS #7 format, and request that the reply data is in Base64-encoded format.
If your organization has its own Public Key Infrastructure (PKI) or Certificate Server implemented, send the PKCS #10 data to the CA manager and request the PKCS #7 reply data.
NOTE: A third-party certificate signer generally charges a fee.
When the certificate signer sends the PKCS #7 encoded certificate request reply data to you, copy this data from the PKCS #7 certificate request reply and paste it into the PKCS #7 information field in the Import PKCS #7 Data box.
Click Import.
A message appears indicating whether the customer-generated certificate was imported.
Restart HP SMH.
Browse to the managed system that contains the imported certificate.
When prompted by the browser, choose to view the certificate and verify that the signer is listed as the signer you used, and not HP, before importing the certificate into your browser.
If the certificate signer you choose sends you a certificate file in Base64-encoded form instead of PKCS #7 data, copy the Base64-encoded certificate file to /etc/opt/hp/sslshare/cert.pem on Linux x86 and x64, and systemdrive:\hp\sslshare\cert.pem for Windows; then restart HP SMH.
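One way to check the CA's reply before importing it or copying it over cert.pem, as an added example that is not HP's code: it confirms the reply contains a certificate for the public key in req_cr.pem and that this certificate is not self-signed. It assumes the openssl command-line tool is installed; the function name check_reply and its return codes are hypothetical choices for this example.

```shell
#!/bin/sh
# Added example (not HP code): pre-import check of a CA reply against the
# PKCS #10 request that HP SMH generated.
# Usage: check_reply <req_cr.pem> <reply: Base64 PKCS #7 or Base64 X.509>
# Returns 0  reply holds a CA-issued certificate for the request's key
#         1  no certificate in the reply carries the request's public key
#         2  the request file could not be parsed
#         3  the matching certificate is self-signed (issuer equals subject)
check_reply() {
    csr=$1 reply=$2
    tmp=$(mktemp -d) || return 2

    # Public key SMH put in the request; the issued certificate must carry it,
    # because SMH keeps using the existing private key after the import.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse PKCS #10 request: $csr" >&2
        rm -rf "$tmp"; return 2
    }

    # A PKCS #7 reply may hold a whole chain: unpack it. If that fails, treat
    # the file as a single Base64 X.509 certificate.
    openssl pkcs7 -in "$reply" -print_certs >"$tmp/all.pem" 2>/dev/null ||
        cp "$reply" "$tmp/all.pem"

    # Write each certificate to its own file (c1.pem, c2.pem, ...).
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++; on=1}
        on {print > (d "/c" n ".pem")}
        /-----END CERTIFICATE-----/ {on=0}' "$tmp/all.pem"

    rc=1
    for c in "$tmp"/c*.pem; do
        [ -f "$c" ] || continue
        pub=$(openssl x509 -in "$c" -noout -pubkey 2>/dev/null) || continue
        [ "$pub" = "$csr_pub" ] || continue    # CA or intermediate, skip
        subj=$(openssl x509 -in "$c" -noout -subject)
        iss=$(openssl x509 -in "$c" -noout -issuer)
        echo "$subj"; echo "$iss"              # compare issuer with your CA
        if [ "${subj#subject=}" = "${iss#issuer=}" ]; then rc=3; else rc=0; fi
        break
    done
    rm -rf "$tmp"
    return "$rc"
}
```

A return code of 1 means the reply was issued for a different key, so importing it would leave HP SMH presenting a certificate that does not match its private key.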