It is not immediately obvious how to install an existing digital certificate to HP’s Intelligent Management Center (iMC). Thankfully, it is possible although via a somewhat convoluted process.
The information needed to do this is derived from an article on HP’s Support Center:
This documentation is clearly left wanting as it only explains how to create a self-signed digital certificate for iMC using Java’s keytool but not how to import and use an existing one.
From the documentation, we learn that:
- A Java keystore is used to hold the certificate. It is located at “iMC installation path\iMC\client\security\” with a file name of “keystore“.
- The password to the keystore is “iMCV300R002“.
- Within the keystore, a key with alias “imc” is stored and this is protected with the same password of “iMCV300R002“.
Assuming that the existing digital certificate is in PFX / PKCS12 format and includes a complete chain to the root:
1) Stop the iMC service.
2) At the command line, from Java’s bin directory and substituting paths as appropriate, convert the certificate to the required format:
keytool -importkeystore -srckeystore c:\certificate.pfx -destkeystore c:\keystore -srcstoretype pkcs12 -deststoretype JKS -storepass iMCV300R002 -v
You will be asked for the existing password to the source keystore and will be given the entry alias if the import is successful. Take a note of it.
Enter source keystore password:
Entry for alias le-5aa48bcf-bb89-4447-bdc5-1a1aa868355c successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or
3) Clone the imported key using the noted alias, naming the cloned key “imc”:
keytool -keyclone -keystore c:\keystore -alias le-5aa48bcf-bb89-4447-bdc5-1a1aa868355c -dest imc
You will be asked for the password to the keystore that has been created, which is “iMCV300R002“, and the password to the imported key, which is the password to the original source keystore.
When asked for the password for the cloned key that is to be created, specify “iMCV300R002” and confirm it.
Enter keystore password:
Enter key password for <le-5aa48bcf-bb89-4447-bdc5-1a1aa868355c>
Enter key password for <imc>
(RETURN if same as for <le-5aa48bcf-bb89-4447-bdc5-1a1aa868355c>)
Re-enter new password:
4) Delete the now superfluous key from the keystore by specifying its alias and giving the keystore password, “iMCV300R002“:
keytool -delete -keystore c:\keystore -alias le-5aa48bcf-bb89-4447-bdc5-1a1aa868355c
Enter keystore password:
5) Replace the existing keystore file in “iMC installation path\iMC\client\security\” with the one that has been created.
6) Start the iMC service.