9.4.2 Changing configured certificates

This subsection explains how to change configured certificates on the manager host and the viewer host. If there are multiple manager hosts, perform the procedure described below on each manager host.

Figure 9‒10: Procedure for changing certificates

The following provides a detailed explanation (the numbers below correspond to the numbers in the figure).

1. Stop JP1/IM - View and JP1/IM - Manager.

2. Stop JP1/Base.

3. Replace the private key and the certificates that are to be changed.

4. If there is a change to the root certificate that corresponds to a server certificate replaced in step 3, replace the root certificate in JP1/Base.

5. If the file names or storage locations of the private key and certificates have been changed, specify the communication encryption function settings in JP1/Base (edit the common definition information).^#1

6. Start JP1/Base.

7. Start JP1/IM - Manager.

8. If the root certificate is to be changed in JP1/IM - View, replace the root certificate used to verify the server certificate of JP1/IM - Manager.^{#2, #3}

   • Root certificate storage location

     View-path\conf\ssl\rootcer

9. Log in to JP1/IM - Manager again from JP1/IM - View.

10. Stop JP1/IM - Manager and JP1/Base on the remote host in the following cases:

    • The handling status is to be changed from the remote manager host by executing the jcochstat command with the -h option specified.

    • The IM Configuration Management function is being used on the higher manager.

11. Replace the root certificate on the remote manager host in the following cases:^#3

    • The handling status is to be changed from the remote manager host by executing the jcochstat command with the -h option specified.

    • The IM Configuration Management function is being used on the higher manager.

    If the root certificate is to be changed, replace the root certificate used to verify the server certificate of JP1/IM - Manager. If the root certificate has been combined with other certificates, replace only the corresponding root certificate.

12. If you will be changing the file name or storage location of the root certificate in the following cases, configure the communication encryption function in JP1/Base on the remote manager host (edit the common definition information):^#1

    • The handling status is to be changed from the remote manager host by executing the jcochstat command with the -h option specified.

    • The IM Configuration Management function is being used on the higher manager.

13. Start JP1/IM - Manager and JP1/Base on the remote host in the following cases:

    • The handling status is to be changed from the remote manager host by executing the jcochstat command with the -h option specified.

    • The IM Configuration Management function is being used on the higher manager.

#1: For details, see the JP1/Base User's Guide.

#2: For details, see 13.11.3(1) Encryption between a manager host and a viewer host in the JP1/Integrated Management 2 - Manager Overview and System Design Guide.

#3: To edit a certificate, use a text editor to open the certificate and edit its contents.

After you have configured the communication encryption function, check if the function has been configured correctly. For details about the checking procedure, see 9.4.5 Checking whether the communication encryption function has been configured correctly.

To Page Top