A Enabling SSL for HTTPS

This appendix provides the needed instructions if you choose HTTPS as the protocol to establish a connection between HP Service Manager and Enterprise Manager.

A.1 Generating and Importing a Certificate Request

Do the following to generate and then import the certificate:

  1. Generate a certificate request file for HP Service Manager and send it to the Certificate authority, such as VeriSign.

    The host name or IP address specified in the request must exactly match the host name or IP address that the connector will use.


    The certificate request file is dependent on the Web server that HP Service Manager uses.
  2. After you get the certificate, import it to the Web server that HP Service Manager uses. The import mechanism varies depending on the Web server that the HP Service Manager Help Desk uses.

A.2 Installing and Configuring SSL

For information about installing and configuring SSL, see the Service Manager 7.0 Installation Guide.

A.3 Importing the Adapter Certificate into Enterprise Manager

To import the adapter SSL certificate into the Enterprise Manager keystore:

  1. At the Service Manager web server system, extract the SSL certificate from the keystore into a certificate file using the RFC 1421 format.

    If you use the Java keytool -export_cert command to extract the certificate, the -rfc option stores the certificate in the correct format.

  2. Transfer the certificate file to the system where Enterprise Manager is installed.

  3. Append the contents of the certificate file to:

    • Only append the following lines to the b64LocalCertificate.txt file (that is, do not include blank lines or comments or any other special characters):

      -----BEGIN CERTIFICATE-----
      <<<Certificate in Base64 format>>>
      -----END CERTIFICATE-----
  4. Restart the OMS by entering the following commands:

    emctl stop oms
    emctl start oms


Do not run the emctl secure oms/agent command after adding the external certificate to the b64LocalCertificate.txt file. If you run the emctl secure command later, repeat steps 3 and 4 to make sure the external certificate exists in the b64certificate.txt file.