SSL-based connectivity
The Probe for HPE Operations Manager i supports Secure Sockets Layer (SSL) connections between the probe and HPE Operations Manager i. SSL connections provide additional security when the probe retrieves alarms from the target systems.
To enable SSL connections, obtain the required SSL certificates and the Trusted Authority certificate from the HPE Operations Manager i server administrator. Add the certificates to a local Java™ keystore so that they can be referenced by the KeyStore property.
- The OpenSSL toolkit.
This is available from
- The IBM® KeyMan utility.
This is available from
- The Keytool toolkit.
This is available in the JRE package.
Converting the key and certificate into PKCS12 format
you have a key and a certificate from the server in separate files,
you must combine them into a single PKCS12
file to load into a new keystore. To convert the server certificate
into PKCS12
format, use the following OpenSSL toolkit
openssl pkcs12 -export -inkey key_file -in cert_file -out cert_pkcs12
the key file retrieved from the server.
the certificate retrieved from the server.
the combined file in PKCS12
format for loading into
the keystore.
Creating the SSL keystore
You can create
a Java keystore using either
the KeyMan
utility or the Keytool
utility, follow these steps:- Start the
utility. - Click Create New and select the Keystore token option.
- Click
This imports the certificate into the keystore.
and choose the certificate that you retrieved from
the server. - Click trusted_keystore.jks. and enter a password and name for the keystore; for example,
utility, follow these steps:- Generate a keystore and self-signed certificate using the following
keytool -genkey -keyalg RSA -alias alias_name -keystore keystore_file -storepass keystore_password -validity 360 -keysize 2048
- Import the SSL certificate into the newly created Java keystore
file using the following command:
keytool -import -trustcacerts -alias alias_name -file cert_file -keystore keystore_file
- Verify that the certificates are in a Java keystore using the
following command:
keytool -list -v -keystore keystore_file
Enabling SSL connections
file:- Set the EnableSSL property to true.When the EnableSSL property is set to true, the following properties are enabled:
- KeyStore
- KeyStorePassword
- Use the KeyStore property to specify the location of the keystore file.
- Use the KeyStorePassword property to specify
a password for the keystore.Note: You can encrypt the keystore file password using the nco_aes_crypt utility (for FIPS 104-2 mode security).
- Set the Port property to the port that the probe uses for SSL connections.