HP StorageWorks Command View XP Advanced Edition Device Manager Server Installation and Configuration Guide (December 2005)

Command View XP AE Device Manager Server Security 106
#Listen 23016
#<VirtualHost <cluster manager IP address>:port-number>
# ServerName <logical host name>
# SSLEnable
# SSLRequireSSL
# SSLCertificateFile <name of signed certificate file>
# SSLCertificateKeyFile <web server private key file>
# SSLCACertificateFile <publicly signed certificate file>
# SSLSessionCacheTimeout 3600
#</VirtualHost>
Figure 6-31 Editing Format of the httpsd.conf File
6-4 Security Settings When Using CIM/WBEM Functionality
CIM/WBEM functionality supports SSL communication for the following functions:
Object operations
In the object operation feature, a CIM client acts as an SSL client and the Device Manager
server acts as an SSL server.
By default, you can perform SSL communication in object operations. If you want to modify a
keystore file used for SSL, see 6-4-1.
Event indication
In the event indication feature, the Device Manager server acts as an SSL client and a CIM
client (Indication Listener) acts as an SSL server.
By default, the Device Manager server can use SSL communication to receive event indications
by following the CIM client requests. In this case, settings must be specified beforehand to
enable SSL communication between the CIM clients.
In addition, you can strengthen security by applying two-way authentication for object operations and
event indication. Two-way authentication enables communications between pre-specified trusted
users. In this way, users can accept object operations from specific CIM clients only, and send event
indications to specific CIM clients only. For details on the setting procedures, see 6-4-2 and 6-4-3.
NOTE: Use Java commands to set up SSL. For details on how to use the commands, see 6-5.
6-4-1 Procedure for Modifying the Keystore File for Object Operations
The keystore file used for CIMOM object operations (the keystore password is wbemssl) is by default
stored in the following location and can be used without any modification:
Device-Manager-installation-folder\HiCommandServer\wsi\server\jserver\bin\.keystore
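The following is an added example, not part of the HP guide or its tooling: a hardening check that reports whether a deployed .keystore still verifies under the default password wbemssl given above. It assumes the file is in Java's JKS format (the guide does not state the keystore type); the function names and the sample keystores are constructed for illustration.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
DEFAULT_PASSWORD = "wbemssl"  # default keystore password stated in the guide
SALT = b"Mighty Aphrodite"    # fixed string JKS mixes into its integrity hash


def jks_digest(password: str, body: bytes) -> bytes:
    # JKS integrity value: SHA-1(password as UTF-16BE || salt || store body)
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()


def opens_with_password(store: bytes, password: str) -> bool:
    """Return True if the JKS integrity digest verifies under `password`."""
    if len(store) < 32 or struct.unpack(">I", store[:4])[0] != JKS_MAGIC:
        raise ValueError("not a JKS keystore (bad magic or too short)")
    body, trailer = store[:-20], store[-20:]
    return jks_digest(password, body) == trailer


def audit_keystore(store: bytes) -> str:
    """Classify a keystore file's bytes for a hardening report."""
    try:
        if opens_with_password(store, DEFAULT_PASSWORD):
            return "DEFAULT_PASSWORD"
        return "CUSTOM_PASSWORD"
    except ValueError:
        return "NOT_JKS"  # assumption about the format did not hold


def make_empty_jks(password: str) -> bytes:
    # Constructed sample: JKS header (magic, version 2, zero entries) + digest.
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to a real .keystore file
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], audit_keystore(fh.read()))
    else:                  # constructed samples
        print(audit_keystore(make_empty_jks("wbemssl")))
        print(audit_keystore(make_empty_jks("S0me-Other-Passphrase")))
```

A result of DEFAULT_PASSWORD means the keystore has not been replaced as described in the procedure below.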
To modify the keystore file:
1. Create a keystore file.
Create a new keystore file to be used for object operations. Name the file .keystore and use it
to replace the default keystore file.
For details on creating keystore files, see 6-5.
2. Encrypt the keystore password.
Use WSIEncryptString.jar to encrypt the keystore password that was specified during
creation of the keystore file in step 1. WSIEncryptString.jar is stored in the following
location:
Device-Manager-installation-folder\HiCommandServer\wsi\no-redist
Example of executing the command: