When Should a SIC Certificate be Generated?

A SIC Certificate must be generated and retrieved in the following situations:

• If you add a new CMA or SmartCenter and you want to collect log data for Rule Usage Analysis.
• If your Data Collector IP address changes, or if you want to monitor a management server with a different Data Collector. The OPSEC application object establishes a relationship between a specific Data Collector and the management server. If the Data Collector IP address changes, or if you select a different Data Collector to monitor the management server, you must create a new OPSEC application object and generate a new certificate.
• If you want to secure CPMI communication between the MDS and the Data Collector. You must create an OPSEC application object on the MDS and retrieve the certificate.
• If you change the SIC authentication method.

Security Manager can create the OPSEC application object automatically and retrieve the certificate for you, or you can create the object manually and initialize trust.