Use the Certificate Credentials Library to store SSH keys for Linux/Unix script monitors
Typically, you must associate credentials with component monitors to enable them to retrieve application data. For added security, SAM also includes a Certificate Credential Library where you can store certificate details for SSH keys required for script monitoring, including:
- User Name
- Private Key: Upload a private key file or paste the private key in PEM format.
- Key Type: RSA or DSA
- Password (optional)
Certificates can be used to authenticate Linux devices monitored in SAM. Linux, Unix, and Nagios script monitors also support certificate-based authentication.
The Certificate Credentials Library differs from the Credentials Library that stores standard authentication credentials for component monitors. For example, a WMI component monitor may need to run as a particular user (or service account) to collect information. See Use the Credentials Library for SAM component monitor credentials and the Setting Credentials in SAM video.
To access the Certificate Credentials Library:
- Click Settings > All Settings.
- Under Product Specific Settings, click SAM Settings.
- Click Certificate Credentials Library.
Assign certificate credentials
There are several ways to assign Certificate Credentials:
- When assigning an application monitor template to a node,
- When editing a template directly, and
- When editing component monitors in assigned application modules.
Before you begin, choose the right method
- If each node uses unique private keys, editing the application after it's assigned is the best option.
- If most nodes use the same private key, edit the credentials directly in the template.
You'll be prompted to provide the following details for each credential:
- Credential Name: User-defined text that identifies the credential for later use in templates.
- User Name: The user who is associated with the public key certificate on the target computer.
- Key: Text content of the private certificate file in Privacy Enhanced Mail (PEM) format.
- Key type: The algorithm the certificate used to generate the certificate pair. Those details are usually included in the header. For example,
--- BEGIN RSA PRIVATE KEY---.
- Key password: The password used to protect the certificate file
To assign certificate credentials when assigning a template to a node:
- Assign a template to a node.
- When asked to choose credentials, select the "Inherit credentials" from template option.
- Click Assign Application Monitors and then click Edit next to the template name.
- Select one or more Linux/Unix/Nagios script component monitors to edit by checking the boxes to the left of each monitor and clicking Multi-Edit.
- Check the Authentication Type box and select User name and PrivateKey from the drop-down menu.
- Check the Credential for Monitoring box, select the credentials from the drop-down menu, and click Save.
To assign certificate credentials when editing a template directly:
Click Settings > All Settings > Settings > Manage Templates.
Select the template and click Edit.
- Change the Authentication Type option to User name and PrivateKey for each component monitor that uses that type of authentication.
- In the Credential for Monitoring field drop-down menu, select a set of credentials.
- Click Submit.