The Local Server Certificate link enables you to use certificates that are not generated by HP.

If you use the following process, the self-signed certificate that was generated by the HP SMH is replaced with one issued by a certificate authority (CA).

To create a certificate:

  1. Select Settings from the menu.

  2. In the System Management Homepage box, click the Security link.

  3. Click the Local Server Certificate link.

  4. Replace the default values in the Organization or Organizational Unit fields in the Create PKCS #10 Data box with your values, up to 64 characters.

    If not specified, they are filled in with Hewlett-Packard Company for the Organization and Hewlett-Packard Network Management Software (SMH) for the Organizational Unit.

  5. Click Create in the Create PKCS #10 Data box.

    A screen appears indicating that the PKCS #10 Certificate Request data has been generated and stored in /etc/opt/hp/sslshare/req_cr.pem on Linux x86 and x64, and systemdrive: \hp\sslshare\req_cr.pem for Windows.

  6. Copy the certificate data.

  7. Use a secure method to send PKCS #10 certificate request data to a certificate authority, request the certificate request reply data in PKCS #7 format, and request that the reply data is in Base64-encoded format.

    If your organization has its own Public Key Infrastructure (PKI) or Certificate Server implemented, send the PKCS #10 data to the CA manager and request the PKCS #7 reply data.

    [Note]

    NOTE: A third-party certificate signer generally charges a fee.

  8. When the certificate signer sends the PKCS #7 encoded certificate request reply data to you, copy this data from the PKCS #7 certificate request reply and paste it into the PKCS #7 information field in the Import PKCS #7 Data box.

  9. Click Import.

    A message appears indicating whether the customer-generated certificate was imported.

    [Note]

    NOTE: If for any reason the HP SMH self-signed certificate gets corrupted or deleted, a new self-signed certificate is created with default settings, in which a few of the fields like the Country, State, and Location are hard-coded regardless of where the target system is geographically located.

    To modify these fields, command line option is available. Run the following command to modify the Country, State, and the Location: smhconfig -N|| --certificate-locality[=]    LOCALITYINFO where LOCALITYINFO is the locality information in Country; State; Locality format.

  10. Restart HP SMH.

  11. Browse to the managed system that contains the imported certificate.

  12. When prompted by the browser, select to view the certificate and verify that signer is listed as the signer you used, and not HP, before importing the certificate into your browser.

    If the certificate signer you choose sends you a certificate file in Base64-encoded form instead of PKCS #7 data, copy the Base64-encoded certificate file to /etc/opt/hp/sslshare/cert.pem on Linux x86 and x64, and systemdrive:\hp\sslshare\cert.pem for Windows; then restart HP SMH.

Related Procedures

Anonymous/Local Access
IP Binding
IP Restricted Login
Alternative Names Certificates
Port 2301 and Autostart (Linux only)
Port 2301 (Windows only)
Timeouts
Trust Mode
Trusted Management Servers
Kerberos Authorization Procedure (Windows Only)
User Groups

Related Topic

The Settings Page