Granting or Denying Certificate Requests Manually

The Certificate Requests tab in the Certificate Requests manager enables you to view a list of the certificate requests that the data processing server has received. You can decide whether to grant or deny each new certificate request individually.

Select Admin > Operations Management > Setup > Certificate Requests > Certificate Requests

Learn About

BSM gateway servers and other HP BTO Software applications use certificates to identify themselves and communicate securely with each other. The data processing server acts as a certificate authority. It can issue the required certificates to other computers in your environment, in response to the certificate requests that it receives.

After you grant a certificate request manually, the data processing server issues the certificates over the network to the computer that requested them, and updates the status of the certificate request accordingly.

If you deny a certificate request manually, it is not possible to subsequently grant that request. However, you can trigger a new certificate request if necessary.

Certificate requests remain in the list until you delete them. The list may contain certificate requests that the data processing server granted automatically.

Tasks

1. Open the Certificate Requests tab in the Certificate Requests manager: Admin > Operations Management > Setup > Certificate Requests > Certificate Requests
2. Select one or more certificate requests that have the status Pending.
3. Click one of the following buttons:
   • Grant the selected certificate requests. The data processing server sends certificates to the computer. When you grant a certificate request, its status changes to Granted. The certificate request is added to a queue, and the data processing server processes each request in turn. After the data processing server issues certificates to a computer, it sets the status of the certificate request to Succeeded. If the data processing server cannot connect to the certificate client on a computer, it sets the status of the certification request to Failed.
   • Deny the selected certificate requests. The data processing server informs the computer that its certificate request is denied.
4. Optional. Select certificate requests that have the state Succeeded or Denied, and then click the button to remove them from the list.

UI Reference

Reloads the list of certificate requests.

Grant Item: Grant the selected certificate request. The data processing server sends certificates to the computer. You can grant certificate requests only if they have the status Pending.

Deny Item: Deny the selected certificate request. The data processing server informs the node that its certificate request is denied.

Delete Item: Remove the selected certificate request from the list.

Filters the list of certificate requests according to the time that the data processing server receives them. Select one of the following options:

The status of the certificate request can be one of the following:

• Pending The certificate request arrived, but was not yet granted or denied.
• Granted The certificate request was granted, but the data processing server did not yet issue the certificates. The request is in a queue.
• Denied. The certificate request was denied, and the data processing server informed the certificate client on the computer.
• Succeeded. The data processing server issued certificates to the computer.
• Failed The certificate request was granted, but the data processing server cannot connect to the certificate client on the computer.

Tip: The smart filters underneath the list of certificate requests show the number of certificate requests with each status. Click any of the smart filters to filter the list of certificate requests according to status.

The installation type can be one of the following:

• Manual The HP BTO Software application was installed manually.
• Automatic The HP BTO Software application was deployed from a server (for example, an HP Operations Manager server).

Troubleshooting

If you deny a certificate request, it is not possible to subsequently grant that request. However, you can trigger a new certificate request as follows:

1. On the computer that needs a certificate, open a command or shell prompt.
2. On computers that run a UNIX or Linux operating system, make sure that the PATH variable contains the correct path to the certificate client commands:
   • On HP-UX, Solaris, or Linux, type export PATH=/opt/OV/bin:$PATH and then press Enter.
   • On AIX, type export PATH=/usr/lpp/OV/bin:$PATH and then press Enter.
   • On Tru64, type export PATH=/usr/opt/OV/bin:$PATH and then press Enter.
3. Type the following command: ovcert -certreq
4. In the Certificates Requests tab, click the button to reload the list of certificate requests.
5. Select the new certificate request, and then click the button to grant the request.