HP StorageWorks Command View XP Advanced Edition Device Manager Server Installation and Configuration Guide (December 2005)

Command View XP AE Device Manager Server Security 80
6 Command View XP AE Device Manager Server Security
6-1 Overview of Command View XP AE Device Manager Security
This section discusses the following server security procedures:
An overview of server security (see section 6-1-1)
Enabling SSL/TLS server security (see section 6-2-2)
Obtaining a signed and trusted Server Certificate (see section 6-2-3)
Displaying the contents of the server keystore (see section 6-2-4)
Deleting an entry from the server keystore (see section 6-2-5)
Changing the server keypass (see section 6-2-6)
Changing the server password (see section 6-2-7)
Displaying the contents of the server truststore (see section 6-2-8)
Displaying the verbose contents of the server truststore (see section 6-2-9)
Deleting an entry from the server truststore (see section 6-2-10)
Changing the password for the server truststore (see section 6-2-11)
The following Common Web Service security procedures are also discussed in this section:
Generating a Private Key (see section 6-3-1)
Creating a Certificate Signing Request (see section 6-3-2)
Creating a self-signed certificate (see section 6-3-3)
This section also describes security settings when using CIM/WBEM functionality. For details, see
sections 6-4 and 6-5.
6-1-1 Introduction to the Device Manager Server and Common Web Service Security
Command View XP AE Device Manager uses Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) to encrypt network transmissions between the Device Manager client and the Device
Manager server or the Common Web Service. SSL and TLS use cryptography, digital signature
technology and digital certificates to provide user authentication, data integrity, and privacy. This
document includes instructions for configuring Device Manager to securely communicate over the
Internet or an Intranet using SSL and TLS.
CAUTION: If you are using Internet Explorer, set your options so that encrypted pages are not saved to disk.
IMPORTANT: If you enable security on Device Manager, you must make sure that the key pair and
associated server certificate do not expire. If either the key pair or the server certificate expires, users will be
unable to connect to the Device Manager server or Common Web Service with the Device Manager Web
Client. See section 6-2-1 for instructions.
NOTE: If you use SSL-encrypted communication, you must enter https:// in the browser when sending a
request.
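The expiry condition in the IMPORTANT note above can be checked mechanically. The following Python script is an added example, not part of the HP guide: it parses the text printed by the JDK command keytool -list -v (English-locale output assumed) and reports the days remaining for each keystore or truststore entry. The alias names, the dates in the sample listing and the 30-day warning threshold are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed, abridged sample of `keytool -list -v` output.
# The aliases "dvmserver" and "rootca" and all dates are made up.
SAMPLE = """\
Alias name: dvmserver
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Valid from: Mon Dec 05 10:00:00 PST 2005 until: Sun Mar 05 10:00:00 PST 2006
Certificate[2]:
Valid from: Thu Jan 01 00:00:00 GMT 2004 until: Tue Dec 31 23:59:59 GMT 2013

Alias name: rootca
Entry type: trustedCertEntry
Valid from: Thu Jan 01 00:00:00 GMT 2004 until: Tue Dec 31 23:59:59 GMT 2013
"""

ALIAS_RE = re.compile(r"^Alias name:\s*(.+?)\s*$")
# Captures month, day, time and year of the "until" date; weekday and zone are skipped.
UNTIL_RE = re.compile(
    r"until:\s+\w{3}\s+(\w{3})\s+(\d{1,2})\s+(\d{2}:\d{2}:\d{2})\s+\S+\s+(\d{4})")

def parse_expiry(listing):
    """Map each alias to the earliest 'until' date found in its certificate chain."""
    expiry, alias = {}, None
    for line in listing.splitlines():
        m = ALIAS_RE.match(line)
        if m:
            alias = m.group(1)
            continue
        m = UNTIL_RE.search(line)
        if m and alias is not None:
            # The zone abbreviation is ignored, so results are accurate to about a day.
            not_after = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
            # A chain stops validating when its shortest-lived certificate expires.
            if alias not in expiry or not_after < expiry[alias]:
                expiry[alias] = not_after
    return expiry

def check(listing, now, warn_days=30):
    """Return {alias: (status, whole days remaining)} relative to 'now'."""
    report = {}
    for alias, not_after in parse_expiry(listing).items():
        days = (not_after - now).days
        status = "EXPIRED" if not_after <= now else "EXPIRING" if days < warn_days else "OK"
        report[alias] = (status, days)
    return report

if __name__ == "__main__":
    for alias, (status, days) in check(SAMPLE, datetime.now()).items():
        print(f"{status:8} {alias}: {days} days")
```

To run it against a real keystore, save the output of keytool -list -v to a file and pass the file's contents to check() in place of SAMPLE.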
This chapter includes the following terms:
<host name> is used to indicate the name of the host that is running the Device Manager
server or Common Web Service, unless otherwise indicated.
<Java Web Start> is used to indicate the default Java™ Web Start installation directory on a
client machine. If a client’s Java™ Web Start directory is not located in the default location,
adjust commands or paths accordingly. The default directories are as follows: