HP StorageWorks Command View XP Advanced Edition Device Manager Server Installation and Configuration Guide (December 2005)
Command View XP AE Device Manager Server Security 81
• Windows®: c:\Program Files\Java Web Start
• <server installation directory> is used to indicate the default Device Manager server
installation directory. If your directory is not located in the default directory, adjust commands or
paths accordingly. The default server installation directories are as follows:
• Windows®: c:\Program Files\CVXPAE\DeviceManager
• Public Key Infrastructure (PKI) is a cryptographic technology developed under the guidance of
the IETF (Internet Engineering Task Force) to create a secure networking system that
is interoperable across multiple vendors.
• Secure Sockets Layer (SSL) is a protocol first developed by Netscape® to securely transmit data
over the Internet. Two SSL-enabled peers use their Private and Public Keys to establish a
secure communication session, with each peer encrypting transmitted data with a randomly
generated and agreed-upon symmetric key.
• Transport Layer Security (TLS) is the successor protocol to SSL. For more information, see RFC 2246,
The TLS Protocol (version 1.0), located at ftp://ftp.isi.edu/in-notes/rfc2246.txt.
• A keypair is two mathematically-related cryptographic keys consisting of a Private Key and its
associated Public Key.
• A keystore is a file that contains the keypair, which is used for TLS/SSL connections and the
corresponding server certificate.
• A keypass is a password for restoring the keypair used to encrypt TLS/SSL connections and the
corresponding server certificate.
• A truststore is a file containing a signed and trusted server certificate.
• A Server Certificate (sometimes also called a Digital Certificate) forms an association between
an identity (in this case the Device Manager server or the Common Web Service) and a specific
keypair. A Server Certificate is used to identify the Device Manager server or Common Web
Service to a client so that the server and client can communicate using SSL/TLS. Server
Certificates come in two basic types:
• Self-signed: (see sections 6-2-1 and 6-3-3). This is the case where you generate your own
certificate, so that the subject of the certificate is the same as the issuer of the certificate.
For example, when you create a keypair with the HiKeytool batch file, you will have a keypair
and an associated self-signed certificate.
• Signed and Trusted: (see sections 6-2-3 and 6-3-2). When a Certificate Signing Request
(CSR) is generated and sent to a well-known and trusted Certificate Authority (CA) for
signing, and is then signed and returned by the Certificate Authority, your certificate is
considered signed and trusted. A well-known and trusted Certificate Authority meets the
following requirements:
• Certificate for that Certificate Authority is located inside the Device Manager server
truststore,
• Certificate for that Certificate Authority is located in the database of trusted Certificate
Authorities within browsers supported by Device Manager, and
• Certificate for that Certificate Authority is located within the truststore distributed with
Java™ Web Start.
NOTE: The default Device Manager server truststore is located at <installation
directory>/jre/lib/security/cacerts. You can modify the default location using the
server.https.security.truststore property in the server.properties file (refer to section
7-8-9). The default truststore for Java™ Web Start is located at <Java Web Start installation
directory>/cacerts.
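The difference between the two certificate types can be checked directly. The following is an added example, not part of the original guide and not HP's tooling: it uses the OpenSSL command line with PEM files as stand-ins for the Device Manager keystore and truststore, and every subject name and file name in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names, subjects and files are constructed for the demo.

# Build a throwaway PKI in directory $1: one self-signed server certificate,
# one demo CA (its certificate acts as the truststore), one CA-signed certificate.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=devmgr.example" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/truststore.pem" 2>/dev/null
    # The CSR is what would be sent to the CA for signing.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=devmgr.example" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/truststore.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/signed.pem" 2>/dev/null
}

# Print "self-signed" when subject equals issuer, else "ca-signed".
cert_type() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then echo "self-signed"; else echo "ca-signed"; fi
}

# Succeed only if certificate $2 chains to a CA certificate in truststore $1.
is_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pki "$dir"
    for c in self.pem signed.pem; do
        if is_trusted "$dir/truststore.pem" "$dir/$c"; then t=trusted; else t=untrusted; fi
        echo "$c: $(cert_type "$dir/$c"), $t"
    done
    rm -rf "$dir"
}
demo
```

A self-signed certificate fails the truststore check until it is itself imported into the truststore, which is why clients warn about it.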