Manualshelf

Neoview User Management and Security Administration Guide (R2.5)

ManualsBrandsHP ManualsSoftwareHP Neoview Release 2.5 Software
51525354555657585960
CREATE CERTIFICATE Command
This command creates and installs a new self-signed certificate for a Neoview platform and
downloads the certificate to the workstation from which this command was run. Only a user
who has the ROLE.SECMGR role may enter this command.
Once you have created and installed a new certificate on the Neoview platform, subsequent
requests from clients will be handled as follows:
If auto-download is in effect, the new certificate is downloaded to the workstation.
If auto-download is not in effect, the connection request will fail. In this case, you must either
enable auto-download or distribute the certificate by other means.
A self-signed certificate expires 2 years from its creation date.
Syntax
[.SEC] CREATE CERTIFICATE SYSTEM_NAME,CERT [filename][,SUBJECT [text]][,KEYSIZE [number]]
Parameters
Parameters following the SYSTEM_NAME can be specified in any order.
SYSTEM_NAME is required and identifies the Neoview platform on which you wish to install
the certificate. The name consists of the unqualified DNS name of the primary segment, for
example inv101. If the external network name is different from the internal name, use the
internal name.
CERT is the local file to which the certificate will be downloaded on the workstation where
this command was run. If you do not specify this attribute, the certificate is displayed on
the screen, not downloaded to a file on the workstation.
SUBJECT specifies a certificate subject text string, enclosed in quotation marks, and has the
default value “O=Hewlett-Packard Company,OU=Self-Signed,CN=SYSTEM_NAME”. This
value is inserted into the Subject field of the generated certificate.
KEYSIZE is 1024 for 1024-bit encryption and 2048 for 2048-bit encryption. The default value
is 2048.
The command fails and an error is returned if
You are not logged on as ROLE.SECMGR.
You omit the SYSTEM_NAME or are not connected to a Neoview platform having the specified
name.
You specify an invalid value for an attribute.
Examples
The following command creates a self-signed certificate for a Neoview platform whose primary
segment DNS name is ABC101.
.sec create certificate ABC101 ,Subject O=Hewlett-Packard
Company,OU=Business Intelligence,CN=ABC101,Keysize 2048,Cert
C:\Certs\SelfSigned\ABC101.cer
Obtaining and Installing a CA Certificate and Private Key
Although the Neoview platform automatically generates a self-signed certificate, it is good
security practice to generate a new server certificate signed by a Certificate Authority (CA) and
install it on the Neoview platform.
NOTE: The Neoview security infrastructure does not provide verification of CA certificates.
To deploy your own server certificate, you (as ROLE.SECMGR) must:
Obtaining and Installing Certificates 57