This page has information about configuring Hyperic components for user-managed keystores. If you do not configure the Hyperic Server and Hyperic Agents to use keystores you establish and manage, they will generate default keystores with self-signed certificates.
Hyperic recommends user-managed keystores. For more information, see Hyperic Security Features and Recommendations.
If you plan to configure the Hyperic Server and Agents for user-managed keystores with certificates from your CA for SSL communications, before installing Hyperic:
- Obtain SSL certificates for the Hyperic Server and each Hyperic Agent.
- Set up a JKS format keystore for the Hyperic Server on its host, import the SSL certificate for it, and note the full path to the keystore and its password. The Hyperic installer (in -full mode) prompts for this information.
- Set up a keystore for each Hyperic Agent on its host, import the SSL certificate for it, and configure its location and password in the agent's AgentHome/conf/agent.properties file, by setting the values of agent.keystore.path and agent.keystore.password.
Password Requirement for Hyperic Keystores
The Hyperic Server's keystore password and private key password must be the same; otherwise, the Hyperic Server's internal Tomcat-based server will be unable to start. For information about why, see http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html. Follow the same convention for a Hyperic Agent keystore: set the password for the agent keystore to be the same as the password for the agent private key.
- If you plan to configure Hyperic Agents for unidirectional communication, define the keystore name using the agent.keystore.alias property.
- Restart each agent after editing its properties file.
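The agent-side settings above can be checked before the restart. The following is an added example, not part of the Hyperic documentation: the function names and the `unidirectional` argument are assumptions of this sketch, the property names are the ones given on this page, and the keytool checks run only when keytool is on the PATH.

```shell
#!/bin/sh
# Added example: pre-restart check of a Hyperic Agent's keystore settings.

# Print the value of a key from a Java-style properties file (last entry wins).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_agent_keystore <agent.properties> [unidirectional]
# Returns 0 when the settings are consistent; otherwise prints a reason to
# stderr and returns a distinct non-zero code.
check_agent_keystore() {
    conf=$1
    mode=${2:-bidirectional}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    ks=$(prop "$conf" agent.keystore.path)
    pw=$(prop "$conf" agent.keystore.password)
    ksalias=$(prop "$conf" agent.keystore.alias)
    [ -n "$ks" ] || { echo "agent.keystore.path is not set" >&2; return 3; }
    [ -n "$pw" ] || { echo "agent.keystore.password is not set" >&2; return 4; }
    [ -f "$ks" ] || { echo "keystore not found: $ks" >&2; return 5; }
    if [ "$mode" = unidirectional ] && [ -z "$ksalias" ]; then
        echo "agent.keystore.alias must be set for unidirectional agents" >&2
        return 6
    fi
    # With keytool available, confirm that the configured password opens the
    # keystore and, when an alias is configured, that the same password unlocks
    # the private key (a CSR needs the key, so this fails if the key password
    # differs from the keystore password).
    if command -v keytool >/dev/null 2>&1; then
        keytool -list -keystore "$ks" -storepass "$pw" >/dev/null 2>&1 ||
            { echo "configured password does not open $ks" >&2; return 7; }
        if [ -n "$ksalias" ]; then
            keytool -certreq -alias "$ksalias" -keystore "$ks" \
                -storepass "$pw" -keypass "$pw" >/dev/null 2>&1 ||
                { echo "key password differs from keystore password" >&2; return 8; }
        fi
    fi
    return 0
}
```

Source the file and call `check_agent_keystore AgentHome/conf/agent.properties`, adding `unidirectional` as a second argument for agents configured that way.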
Please see Hyperic 4.6 Upgrade Processes and Options.
Please see SSL and Hyperic Product Plugins.