Introduction

HP Application Discovery uses Secure Sockets Layer (SSL) certificates to authenticate and secure data transmission between HP Application Discovery agents and the HP Application Discovery server. Once HP Application Discovery components are installed, the accompanying certificate information for HP Application Discovery server and for HP Application Discovery agent must be exchanged to allow the server and agents to recognize legitimate transmissions.

Certificate exchange can be done from (HP SIM) within HP Systems Insight Manager (HP SIM) or from the command line on the central management server.

Using HP SIM to Complete Certificate Exchange

Initiate certificate exchange by selecting Configure Configure VSE AgentsExchange AD Agent Certificates from the HP SIM top menu.
Select the HP-UX systems where you want the exchange to occur using the HP SIM system selection list. Click Apply.
Verify the system selection and click Next.
A description is displayed of the action about to take place. When you are sure that you want to exchange certificates so that the HP Application Discovery agent can begin reporting data to the server, click Run now to complete the certificate exchange.

NOTE: If you find that you are unable to exchange certificates from within HP SIM, check the following:

That you have the correct permissions associated with your login ID.
That the targeted managed node is authorized to accept remote commands from HP SIM.
To set the correct SSH configuration that authorizes the acceptance of remote commands, type the following command on the CMS:
mxagentconfig -a -n managed_system -u login -p password
where managed_system is the name of the target system for which you want to enable remote communication, login is the user name on the managed system, and password is the password of that user on the managed system.

Completing Certificate Exchange from the Command Line

From the command line, you can exchange certificates with one or more managed hosts.

Log in as a privileged user on the system hosting the CMS. (See User Authorizations for tool access information.)
Assuming installation to default directories, enter the following command on HP-UX:
/opt/amgr/bin/amgr_remote_config -a -mx -n system_name -u root
and on Windows:
C:\Program Files\HP\Virtual Server Environment\bin\amgr_remot_config.bat -a -mx -n system_name
To configure multiple hosts, add -n system_name for each host to be configured.
By default, amgr_remote_config uses Secure Shell (SSH) to complete this action securely across the network.
-u option supported on HP-UX only:
You might be prompted to provide a password for the specified user for each system login. You must supply the password in order to proceed.
Once the login is accomplished, the CMS sends its SSL certificate to the agent on the managed host, and the agent supplies its SSL certificate to the CMS. HP Application Discovery agents can now transfer data securely to the CMS, and the CMS can authenticate the transmission.




	Have you recently restored or removed and reinstalled the CMS? : A restore or removal of the central management server also removes the certificate recognition previously established between Application Discovery server on the CMS and Application Discovery agents on managed nodes. This relationship must be re-established when the CMS is reinstalled or restored by completing the Application Discovery certificate exchange.

Introduction

Technical documentation

» Table of Contents

» Glossary

» Index

Using HP SIM to Complete Certificate Exchange

Completing Certificate Exchange from the Command Line