Store SSH keys in the Certificate Credentials Library
Typically, you must associate credentials with component monitors and templates to enable them to retrieve application data. For added security, SAM also includes a Certificate Credential Library where you can store certificate details for Secure Shell (SSH) keys required for script monitoring on SAM nodes, including:
- User Name
- Private Key: Upload a private key file or paste the private key in PEM format.
- Key Type: RSA or DSA
- Password (optional)
Certificates can be used for authentication with Linux devices monitored in SAM. Linux, Unix, and Nagios script monitors also support certificate-based authentication.
The Certificate Credentials Library differs from the Credentials Library that stores standard authentication credentials for component monitors. For example, a WMI component monitor may need to run as a particular user (or service account) to collect information. See Understand the Credentials Library in SAM and the Setting Credentials in SAM video.
To access the Certificate Credentials Library:
- Click Settings > All Settings.
- Under Product Specific Settings, click SAM Settings.
- Click Certificate Credentials Library.
Assign certificate credentials
There are two ways to assign Certificate Credentials — when assigning a template to a node or when editing a template directly. Before you begin, choose the right method
- If every node uses unique private keys, then editing the application after it is assigned is the best option.
- If most or all of your nodes use the same private key, then you should edit the credentials directly in the template.
You'll be prompted to provide the following details for each certificate credentials:
- Credential Name: User-defined text that identifies the credential for later use in templates.
- User Name: The user who is associated with the public key certificate on the target computer.
- Key: Text content of the private certificate file in Privacy Enhanced Mail (PEM) format.
- Key type: The algorithm the certificate used to generate the certificate pair. (This can be found as part of the header. For example, e.g. "--- BEGIN RSA PRIVATE KEY---.")
- Key password: The password used to protect the certificate file
To assign certificate credentials when assigning a template to a node:
- Assign a template to a node.
- When asked to choose credentials, select the "Inherit credentials" from template option.
- Click Assign Application Monitors and then edit the template by clicking Edit next to the template name.
- From here, you can select one or more Linux/Unix/Nagios script component monitors to edit by checking the boxes to the left of each monitor and then clicking Multi-Edit.
- Check the Authentication Type box and select User name and PrivateKey from the drop-down menu.
- Check the Credential for Monitoring box and select the credentials you want to use from the drop-down menu, and then click Save.
To assign certificate credentials when editing a template directly:
- Select the template you want to edit.
- Change the Authentication Type option to User name and PrivateKey for each component monitor that should use this authentication type.
- From the Credential for Monitoring field drop-down menu, select the credentials you want to use with your monitors, and then click Submit.