Initializing The Software For The First Time; Key And Certificate Information - HP BL860c Installation Manual
System management homepage 6.2 hp-ux, linux, and windows operating systems
Hide thumbs
Also See for BL860c:
- Datasheet (511 pages) ,
- User's & service manual (184 pages) ,
- Deployment manual (84 pages)
Table of Contents
Advertisement
8 Initializing the software for the first time
After you have installed and configured HP SMH for the first time, a process to create a private key and
corresponding self-signed Base64-encoded certificate is initiated. This certificate is a Base64-encoded PEM
file.
Key and certificate information
In HP-UX operating systems, both public and private keys for HP SMH are stored in the
/var/opt/hpsmh/sslshare directory. The files are called file.pem (private key) and cert.pem
(server certificate).
With HP SMH running on Apache 2.2 (HP-UX 1 1iv3), the Apache Tomcat communication requires
certificate-based authentication through https connection on port 1 188 (by default). The certificate
/var/opt/hpsmh/sslshare/proxy.pem, generated during installation, is used for this purpose.
For effective Apache Tomcat communication required to launch the Java plug-ins, do not alter this
certificate on the system.
In Linux operating systems, both public and private keys for HP SMH are stored in the
/etc/opt/hp/sslshare directory. The files are called file.pem and cert.pem.
In Windows operating systems, public and private keys are stored in the <System
Drive>:\hp\sslshare directory of the system drive.
To protect the keys, this subdirectory is only accessible to administrators if the file system allows such
security. For private key security reasons, HP recommends that you install Windows installations of HP
SMH on New Technology File System (NTFS).
IMPORTANT:
administrator only access through the file.
If the private key is compromised, you can delete the <System Drive>:\hp\sslshare\cert.pem file
and restart the server. This action causes HP SMH to generate a new certificate and private key.
NOTE:
Certificate and private key generation occurs only the first time HP SMH starts or when no certificate
and key pair exists.
A certificate from a certificate authority (CA), such as Verisign or Entrust, can replace self-generated certificates.
These certificate and key files are shared with other HP Management software, such as HP SIM.
For Windows operating systems, the file system must use NTFS for the private key to have
Key and certificate information
59
Advertisement
Table of Contents
