Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Operations Manager i10.62

Administer > Hardening > Use TLS in OMi > Obtain server certificates from a CA

Obtain server certificates from a CA

Generally, server certificates must be issued to the name of the external access point (FQDN) that is configured in Default Virtual Gateway Server for Application Users/Data Collectors URL. This is the name that users and data collectors use to access OMi. The SubjectAlternativeName field of the certificate must contain the FQDN of the system for which the certificate is issued.

If your TLS termination points are not the front-end URLs (OMi virtual gateway server URLs), you must issue server certificates for these termination points (load balancer/reverse proxy) as well.

Note We recommend using the strongest currently available cryptographic algorithms when obtaining server certificates, as well as the largest key size (not less than 2048-bit RSA keys). To see the latest NIST approved cryptographic algorithms and key lengths, go to http://csrc.nist.gov/publications/PubsFIPS.html.

Obtaining Certificates for the Gateway Server

Obtain a server certificate for each of the front-end URLs that you want to secure: one for users to access OMi, and one for data collectors to access OMi.

Note When using aliases (for example, one name for users, one for data) on the same OMi gateway server, you can obtain a Subject Alternative Name (SAN) certificate with a predefined set of DNS names.

The server certificates must be issued into the exact FQDNs. During the configuration, OMi automatically inserts these same FQDNs into the Administration > Setup and Maintenance > Infrastructure Settings page in the following rows:

Default Virtual Gateway Server for Application Users URL
Default Virtual Gateway Server for Data Collectors URL

You only need to manually update these settings if the URL for the data collectors differs from the URL for application users.

Examples:

If the external access point is loadbalancer.example.com, and the name of your gateway servers is gateway1.example.com and gateway2.example.com, the following server certificates must be obtained:

For loadbalancer.example.com: issued to loadbalancer.example.com, SubjectAlternativeName field set to loadbalancer.example.com.
For gateway1.example.com: issued to loadbalancer.example.com, SubjectAlternativeName field set to gateway1.example.com.
For gateway2.example.com: issued to loadbalancer.example.com, SubjectAlternativeName field set to gateway2.example.com.

If your URL is https://omiUsers.mycompany.com:443, you would issue a certificate to omiUsers.mycompany.com.

Send Help Center feedback