HP System Management Homepage Installation Guide, December 2006

9 Initializing the software for the first time
After HP System Management Homepage (HP SMH) has been installed and configured for the first time,
a process to create a private key and corresponding self-signed Base64-encoded certificate is initiated. This
certificate is a Base64-encoded PEM file.
Key and certificate information
In HP-UX, both public and private keys for HP SMH are stored in the /var/opt/hpsmh/sslshare
directory. The files are called file.pem (private key) and cert.pem (server certificate).
In Linux, both public and private keys for HP SMH are stored in the /opt/hp/sslshare directory
or /etc/opt/hp/sslshare directory in HP SMH 2.1.3 and later. The files are called file.pem
and cert.pem.
In Windows, public and private keys are stored in the \hp\sslshare directory of the system
drive.
To protect the key, this subdirectory is only accessible to administrators if the file system allows such
security. For private key security reasons, HP highly recommends that Windows installations of HP
SMH be installed on New Technology File System (NTFS).
IMPORTANT: For Windows operating systems, the file system must be NTFS for the private key to have
administrator only access through the file.
If you feel that the private key has been compromised, the administrator can delete the
\hp\sslshare\cert.pem file and restart the server. This action causes HP SMH to generate a new
certificate and private key.
NOTE: Certificate and private key generation only occur the first time HP SMH is started or when no
certificate and key pair exists.
A certificate from a certificate authority (CA), such as Verisign or Entrust, can be used to replace
self-generated certificates. These certificate and key files are shared with other HP Management software,
such as HP Systems Insight Manager.
Key and certificate information 41