Configuring SNMPv3 as a TSM Model

To configure SNMPv3 as a TSM model:

  1. From the CLI manager, navigate to Administration > OS Console.

    The command prompt appears.

  2. Set up the CA certificates, Server certificates, Client certificates, and Server key on the server using the following commands:

    ln -s /etc/ksa/certificates/CA.pem /etc/snmp/tls/ca-certs/CA.crt
    
    ln -s /etc/ksa/certificates/server.pem /etc/snmp/tls/certs/server.crt
    
    ln -s /etc/ksa/certificates/client.pem /etc/snmp/tls/certs/client.crt
    
    ln -s /etc/ksa/certificates/mng/server.key /etc/ksa/certificates/server.key
    
  3. Restrict the mode of the server.key file under the /etc/ksa/certificates/ directory so that only the file owner can access it, using the following command:

    chmod 600 /etc/ksa/certificates/server.key
    
  4. Edit the snmpd.conf file under /etc/ksa directory.

  5. Append the following configuration in the snmpd.conf file.

    [snmp] localCert server
    [snmp] trustCert CA
    certSecName 10 client --sn <username>
    rwuser -s tsm "<username>" AuthPriv
    

    Alternatively, you can use the --cn flag to take the username from a field of the certificate, as follows:

    certSecName 10 client --cn
    rwuser -s tsm "Protegrity Client" AuthPriv
    

    To use a fingerprint as the certificate identifier, execute the following command:

    net-snmp-cert showcerts --fingerprint
    
  6. Restart the SNMP daemon using the following command:

    /etc/init.d/snmpd restart
    

    You can also restart the SNMP service using the ESA Web UI.

  7. Deploy the certificates on the client side.
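
The following script audits the server-side result of steps 2, 3 and 5 before the daemon is restarted. It is an added example, not part of the original procedure or the product: the function names, the ROOT prefix argument and the `audit` invocation are hypothetical, GNU `stat` is assumed, and the name comparison handles single-token security names only.

```shell
#!/bin/sh
# Added example: audits steps 2, 3 and 5 of the procedure above.
# Function names and the ROOT prefix argument are hypothetical; GNU stat is assumed.

# Step 2: every symlink must resolve to a regular file under ROOT ("" = live system).
check_links() {
    rc=0
    for f in etc/snmp/tls/ca-certs/CA.crt etc/snmp/tls/certs/server.crt \
             etc/snmp/tls/certs/client.crt etc/ksa/certificates/server.key; do
        [ -f "$1/$f" ] || { echo "unresolved: $1/$f"; rc=1; }
    done
    return $rc
}

# Step 3: the key file (symlink followed by -L) must have mode 600.
check_key_mode() {
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || { echo "missing key: $1"; return 1; }
    [ "$mode" = 600 ] || { echo "key mode is $mode, expected 600"; return 1; }
}

# Step 5: directives present, plain ASCII, and the --sn name granted by rwuser.
check_conf() {
    conf=$1; rc=0; s='[[:space:]]+'
    # Typographic dashes or quotes pasted from a rendered page are not ASCII "--" or quotes.
    if LC_ALL=C grep -n '[^[:print:][:space:]]' "$conf"; then
        echo "non-ASCII characters in $conf"; rc=1
    fi
    for re in "^\[snmp\]${s}localCert${s}[^[:space:]]" \
              "^\[snmp\]${s}trustCert${s}[^[:space:]]" \
              "^certSecName${s}[0-9]+${s}[^[:space:]]+${s}--(sn${s}[^[:space:]]|cn)" \
              "^rwuser${s}-s${s}tsm${s}.+${s}authpriv"; do
        grep -Eiq -- "$re" "$conf" || { echo "missing or malformed: $re"; rc=1; }
    done
    # Single-token security names only: compare the --sn name with rwuser's.
    sn=$(awk '$1=="certSecName" && $4=="--sn" {gsub(/"/,"",$5); print $5; exit}' "$conf")
    if [ -n "$sn" ] && ! awk -v n="$sn" '$1=="rwuser" && $3=="tsm" {
            gsub(/"/,"",$4); if ($4==n) ok=1 } END { exit !ok }' "$conf"; then
        echo "no rwuser entry for security name $sn"; rc=1
    fi
    return $rc
}

# Run against the live paths from this page when invoked as: sh audit.sh audit
if [ "${1:-}" = audit ]; then
    check_links ""; check_key_mode /etc/ksa/certificates/server.key
    check_conf /etc/ksa/snmpd.conf
fi
```

A non-zero return from any function names the step to revisit; a mismatch between the `certSecName --sn` name and the `rwuser` name means the certificate authenticates but is granted no access.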

Last modified February 7, 2025