HP Servicecontrol Manager 3.0 User's Guide

Increasing Servicecontrol Manager Security
Enable WBEM Certificate Validation
Chapter 4
By default, all WBEM transactions are encrypted, but the identity of the managed node
is not validated. Certificates passed from target nodes are automatically trusted.
Enabling certificate validation will increase the level of security for WBEM transactions.
You can use self-signed certificates for medium security or CA-signed certificates for
high security. The certificate manager inspects credentials for each transaction and
either approves or denies the WBEM data exchange based on the credentials.
This security enhancement uses the Java keytool from Sun Microsystems. For more
information on the keytool, go to http://java.sun.com and search for summary of
security tools.
NOTE Additional information about HP WBEM Services is available on the Web at:
http://docs.hp.com/hpux/netsys/index.html
You can use:
self-signed certificates for a medium security level
CA-signed certificates for a high security level
The self-signed certificates are generated by WBEM on each managed node when SSL is
enabled. See the appropriate procedure to enable WBEM certificate validation for your
certificate type.
To enable WBEM certificate validation with self-signed certificates:
Step 1. Log on to the CMS as root.
Step 2. Identify the MxKeystorePassword:
mxpassword -l -x MxKeystorePassword
Step 3. Create a copy of the self-signed certificate on a managed node:
/opt/wbem/sbin/openssl x509 -in /var/opt/wbem/server.pem -out node.cer
where node is the hostname of the managed node.
Step 4. Securely copy the certificate to the /etc/opt/mx/config/security/ directory on the
CMS.
Step 5. Import the certificate into the trust store on the CMS:
keytool -import -alias node -file node.cer -keystore /etc/opt/mx/config/security/certificates -keypass password
where node is the hostname of the managed node and password is the
MxKeystorePassword.
Step 6. Repeat this process for each managed node running WBEM.
Step 7. Edit the WBEM configuration files on the CMS to enable certificate validation. The files
are located at:
/opt/hpwebadmin/bin/cim.properties
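Steps 3 to 5 depend on node.cer reaching the CMS unaltered, because a self-signed certificate is trusted only on the strength of that copy. The following check is an added example, not part of the HP guide: it compares the file's SHA-256 fingerprint with one recorded on the managed node and refuses any file that carries a private key. The function names, return codes, and the availability of awk, base64 and sha256sum on the CMS are assumptions.

```shell
#!/bin/sh
# Added example, not HP's code. Function names and return codes are hypothetical.

# Print the lowercase hex SHA-256 of the DER bytes in the first CERTIFICATE block.
cert_fingerprint() {
    _body=$(awk '/-----BEGIN CERTIFICATE-----/ {on = 1; next}
                 /-----END CERTIFICATE-----/   {exit}
                 on' "$1" 2>/dev/null | tr -d ' \r\n')
    [ -n "$_body" ] || return 1
    printf '%s' "$_body" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$_body" | base64 -d | sha256sum | cut -d' ' -f1
}

# vet_node_cert FILE RECORDED_FP
#   0 = fingerprint matches, proceed to the keytool import in step 5
#   2 = file carries a private key block (key material must stay on the node)
#   3 = no readable certificate block
#   4 = fingerprint differs from the one recorded on the managed node
vet_node_cert() {
    if grep -q 'PRIVATE KEY-----' "$1" 2>/dev/null; then return 2; fi
    _fp=$(cert_fingerprint "$1") || return 3
    _want=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')   # accept AA:BB:... form
    [ "$_fp" = "$_want" ] || return 4
    return 0
}

# Demo on constructed placeholder bytes (not a real X.509 certificate).
demo() {
    _d=$(mktemp -d) || return 1
    { echo '-----BEGIN CERTIFICATE-----'
      printf 'constructed sample bytes' | base64
      echo '-----END CERTIFICATE-----'; } > "$_d/node.cer"
    _recorded=$(cert_fingerprint "$_d/node.cer")   # stands in for the value taken on the node
    vet_node_cert "$_d/node.cer" "$_recorded"; _rc=$?
    rm -rf "$_d"
    return "$_rc"
}

if demo; then echo "node.cer vetted: fingerprint matches, no private key present"; fi
```

Record the fingerprint by running cert_fingerprint against node.cer on the managed node, pass it to the CMS administrator over a separate channel, and run the import in step 5 only when vet_node_cert returns 0.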