Neoview User Management and Security Administration Guide (R2.5)

ManualsBrandsHP ManualsSoftwareHP Neoview Release 2.5 Software

4. Obtain the certificate of the CA that signed the certificate. This is sometimes called the

intermediate certificate and is the one downloaded to each workstation for use in encrypting

the password. In most cases, you can get the intermediate certificate from the CA, but if not,

you can obtain it from your browser. The precise means of doing so varies with the browser

and browser version, but be sure to export the intermediate certificate in Base-64 encoded

X.509 (.CER) format.

5. If automatic download is not enabled by your security policy, distribute the new intermediate

certificate to client workstations that will connect to the Neoview platform. ODBC and JDBC

connection attributes prescribe where a new CA certificate must be installed. Use

CERTIFICATE_FILE for ODBC and certificateFile for JDBC. Do not place new files in the location

identified by CERTIFICATEFILE_ACTIVE or certificateFileActive. (For more information about

the connection attributes related to certificates, see “Specifying the Certificate Location”

(page 146).)

6. Use the NCI INSERT CERTIFICATE command or the Deploy CA Signed Certificate tab on

the HPDM CA Certificate dialog to install the new certificates on the Neoview platform.

Use the root certificate obtained as the value of the CERT parameter and the intermediate

certificate as the value of the CACERT parameter.

Table 2-9 Certificate Insertion Attributes

CommentRangeInitial Value

Field Name

(HPDM)

Parameter Name

(NCI)

Specifies the unqualified

DNS name of the primary

segment

DNS nameNAImplicit: the

system to which

you are currently

connected

SYSTEM_NAME

Specifies the location of

the new CA root

certificate.

PathnameNARoot CertificateCERT

Specifies the location of

the new CA intermediate

certificate.

PathnameNAIntermediate

Certificate

CACERT

If auto-download is disabled, you must install the new intermediate certificate on client

workstations before installing it on the Neoview platform. Otherwise, connection attempts from

those workstations will fail.

For information about using HPDM dialogs, see the HPDM Online Help.

CREATE CSR Command

This command generates a certificate signing request (CSR) and downloads it to the workstation

from which this command was run. Only a user who has the ROLE.SECMGR role may enter this

command.

Syntax

[.SEC] CREATE CSR SYSTEM_NAME,CSR [filename][,SUBJECT [text]][,KEYSIZE [number]]

Parameters

Parameters following the SYSTEM_NAME can be specified in any order.

• SYSTEM_NAME is required and identifies the Neoview platform on which you wish to install

the certificate. The name consists of the unqualified DNS name of the primary segment, for

Obtaining and Installing Certificates 59