Configure trusted certificates for multiple management servers


Every node has a certificate, which it uses identify itself to management servers. Every management server also has a certificates, which it uses to identify itself to nodes. Nodes receive their certificates from the certificate authority on their primary management server.

In an environment with multiple management servers, you must configure each secondary management server to trust certificates that primary management servers issued. This involves exporting the trusted certificate from every primary management server to every secondary management server. You must also update the nodes' trusted certificates, so that the nodes trust the secondary management servers.

To configure trusted certificates for multiple management servers

  1. On every management server, export the trusted certificate to a file using the following command:

    ovcert -exporttrusted -ovrg server -file <file>
    

    The command generates a file with the name that you specify.

  2. Copy each file to every other management server, and import each trusted certificate using the following command:

    ovcert -importtrusted -ovrg server -file <file>
    
  3. For every management server, update the trusted certificates on existing nodes:
    1. In the console tree, click ToolsarrowHP Operations Manager ToolsarrowCertificate Management.
    2. In the details pane, double-click Update trusted certificates. A dialog listing nodes and services appears.
    3. Select Nodes and click Launch.... The Tool Status dialog appears and shows progress.

Any new nodes that you create will receive all the trusted certificates when they receive their node certificate.

Related Topics: