HP StorageWorks Command View XP Advanced Edition Device Manager Server Installation and Configuration Guide (December 2005)
Command View XP AE Device Manager Server Security 82
6-2 Using the HiKeytool Script File to Modify Server Security Properties
6-2-1 Creating a Keypair
NOTE: If you make a mistake during this process and need to start over, exit by pressing Ctrl+c and restart
HiKeytool. Throughout this section, use the default values presented unless you are either very familiar with
the area of cryptography and Java™ security or are otherwise instructed.
Open a command line or terminal window, navigate to the <Device Manager server> directory
and launch the HiKeytool script file, as follows:
1. On Windows®, type .\HiKeytool.bat, and then press the Enter key.
2. The HiKeytool main panel (see Figure 6-1) displays.
3. From HiKeytool, type 1 (Make Keypair/Self-Signed Certificate). The Creating a Keypair panel
displays (see Figure 6-2).
4. Enter the server name [default=<Server Name>]. Use the default value unless your machine is
visible to the LAN or WAN under a different name, in which case you should use the name by
which the Device Manager server is visible. Any SSL-encrypted communications with the server
MUST use this server name, or you will receive an authentication error.
5. Enter the organizational unit [default=Device Manager Administration]. The default value is
recommended, but you can use anything meaningful, e.g. Marketing.
6. Enter your organization name. [default=<Server Name>]. Ordinarily you would use the default
value or your host name, but you can use another name, such as the name of your company.
7. Enter your city or locality. There is no default value for this field.
8. Enter your state or province. There is no default value provided, but make sure to spell it out
instead of using the two-character state code.
9. Enter your two-character country code [default=US].
10. Enter your key alias. [default=<Server Name>]. This should be the local host name of the
Device Manager server. Make sure to use the same value that you used for the server name in
step 4, above.
11. Enter your key password (6 characters minimum) [default=passphrase]. This is the value used to
access the keypair entry by the Device Manager server and the default value is taken from the
server.https.keystore.keypass property (see section 7-8-6).
12. For security reasons, you will want to change the default value of the key password.
IMPORTANT: You should do so by using the process described in 6-2-7, and you should not simply change
it directly from the properties file.
13. Enter the key algorithm [default=RSA]. Currently, only RSA® is supported.
14. Enter the key size (minimum is 512; maximum is 2048) [default=2048]. Assuming the RSA® key
algorithm is used, any key size from 512 to 2048 is valid, so long as it is in an increment of 64.
Larger key sizes are recommended because they provide greater data security against brute
force and factoring attacks.
15. Enter the signature algorithm [default=MD5withRSA]. Currently, only MD5withRSA® is
supported.
16. Enter the number of days valid [default=365]. This is the period during which the Device
Manager server keypair will be valid:
• If you have your server certificate signed by a well-known and trusted Certificate Authority,
the number of days valid specified by that authority will override the value you place in this
field. Make sure to check the web site of your vendor for specific requirements and calendar
the need to renew your certificate, because if the key pair and associated server certificate