HP

HP System Management Homepage

English
  The Settings Page  |  Security  |  Local Server Certificate   

Local Server Certificate

»Table of Contents
»Index
»Product Overview
»Getting Started
»Navigating the Software
»The Home Page
»The Settings Page
»Menus
»Credits
»Security
»IP Binding
»IP Restricted Login
Local Server Certificate
»Multihomed Certificates
»Local/Anonymous Access
»Trust Mode
»Trusted Management Servers
»User Groups
»The Tasks Page
»The Tools Page
»The Logs Page
»Troubleshooting
»Legal Notices
»Printable version
»Glossary
»Using Help
» Related Topics

The Local Server Certificate link enables you to use certificates that are not generated by HP.

If you use the following process, the self-signed certificate that was originally generated by the HP System Management Homepage (HP SMH) is replaced with one that was issued by a certificate authority (CA).

  • The first step of the process is to cause the HP SMH to create a Certificate Request (PKCS #10). This request uses the original private key that was associated with the self-signed certificate and generates the appropriate data for certificate request. The private key never leaves the server during this process.

  • After the PKCS #10 data has been created, the next step is to send it to a certificate authority. You should follow your company policies for sending secure requests for and receiving secure certificates.

  • After the certificate authority has returned the PKCS #7 data, the final step is to import this into HP SMH.

  • After the PKCS #7 data has been successfully imported, the original \hp\sslshare\cert.pem certificate file for Windows, /opt/hpsmh/sslshare/cert.pem file for HP-UX, and /opt/hp/sslshare/cert.pem (/etc/opt/hp/sslshare/cert.pem in HP SMH 2.1.3 and later on Linux x86 and x86_64) is overwritten with the system certificate from that PKCS #7 data envelope. The same private key is used for the new imported certificate as was used with the previous self-signed certificate. This private key is randomly generated at startup when no key file exists.

To create a certificate:

  1. Select SettingsSystem Management HomepageSecurity.

  2. Select Local Server Certificate.

  3. Optionally, you can replace the default values in the Organization or Organizational Unit fields with your own values up to a maximum of 64 characters.

  4. Click [Create PKCS #10 Data]. A screen appears indicating that the PKCS #10 Certificate Request data has been successfully generated and stored in /opt/hpsmh/sslshare/req_cr.pem for HP-UX, /opt/hp/sslshare/req_cr.pem (/opt/hp/hpsmh/data/req_cr.pem in HP SMH 2.1.4 and later on Linux x86 and x86_64), and <systemdrive>\hp\sslshare\req_cr.pem (<systemdrive>\hp\hpsmh\data\req_cr.pem in HP SMH 2.1.4 and later) for Windows.

  5. Copy the certificate data.

  6. Use a secure method to send PKCS #10 certificate request data to a certificate authority and request the certificate request reply data in the form of PKCS #7 format. Request that the reply data is in Base64-encoded format. If your organization has its own Public Key Infrastructure (PKI) or Certificate Server implemented, send the PKCS #10 data to the CA manager and request the PKCS #7 reply data.

    A third-party certificate signer generally charges a fee.

  7. When the certificate signer sends the PKCS #7 encoded certificate request reply data to you, copy this data from the PKCS #7 certificate request reply and paste it into the PKCS #7 Data field.

  8. Click [Import PKCS #7 Data]. A message appears indicating whether the customer-generated certificate was successfully imported.

  9. Restart HP SMH.

  10. Browse to the managed system that contains the imported certificate.

  11. Select to view the certificate when prompted by the browser. Be sure the signer is listed as the signer you used, and not HP, before importing the certificate into your browser.

    If the certificate signer of your choice sends you a certificate file in Base64-encoded form instead of PKCS #7 data, copy the Base64-encoded certificate file to /opt/hpsmh/sslshare/cert.pem for HP-UX, /etc/opt/hp/sslshare/cert.pem (/etc/opt/hp/sslshare/file.pem in HP SMH 2.1.3 and later on Linux x86 and x86_64), and %SystemDrive%:\hp\sslshare\cert.pem for Windows; (%SystemDrive%:\hp\sslshare\file.pem in HP SMH 2.1.3 and later on Windows) then restart HP SMH. If the certificate signer of your choice sends you a certificate file in Base64-encoded form instead of PKCS #10 data, copy /opt/hp/hpsmh/data/req_cr.pem on Linux x86 and x86_64, and %SystemDrive%:\hp\hpsmh\data\req_cr.pem for Windows then restart HP SMH.

Related Topics

» Getting Started - Configuring Firewall Settings
» The Settings Page - Security
» Security - IP Binding
» Security - IP Restricted Login
» Security - Local/Anonymous Access
» Security - Trust Mode
» Security - Trusted Management Servers
» Security - User Groups