Defining the TSM users
When defining a TSM user, you are also required to specify the TSM certificate of the user (either the certificate fingerprint or the file that holds the certificate). During the user configuration, also specify the TSM certificate of the SNMP agent (either the certificate fingerprint or the file that holds the certificate).
Before configuring a TSM user, create the X.509 user keys and certificates for the associated SNMP manager and agent, and then install each key-and-certificate pair on the paired SNMP entities.
Note: The generation and distribution of certificates and keys by using PKI involves numerous complex security issues, which are outside the scope of this document. Consult your particular PKI deployment documentation for the necessary procedures to generate and distribute these certificates and keys.
Note: The location of the certificates and keys on the SNMP-manager system is dependent on the specific SNMP management software used.
Perform the following steps before configuring TSM:
- Generate the X.509 user key and certificate (one pair) for each of the paired SNMP entities.
- Add the security keys for the SNMP agent and SNMP manager to the ~/.snmp/tls/private/ directory.
- Add the certificates for the SNMP agent and SNMP manager to the ~/.snmp/tls/certs/ directory.