HP System Management Homepage Installation Guide, June 2006
9 Initializing the software for the first time
After HP System Management Homepage (HP SMH) has been installed and configured for the first time, a
process to create a private key and corresponding self-signed Base64-encoded certificate is initiated. This
certificate is a Base64-encoded PEM file.
Key and certificate information
• In HP-UX, both public and private keys for HP SMH are stored in the /var/opt/hpsmh/sslshare
directory. The files are called file.pem (private key) and cert.pem (server certificate).
• In Linux, both public and private keys for HP SMH are stored in the /opt/hp/sslshare directory or
/etc/opt/hp/sslshare directory in HP SMH 2.1.3 and later. The files are called file.pem and
cert.pem.
• In Windows, public and private keys are stored in the \hp\sslshare directory of the system
drive.
To protect the key, this subdirectory is only accessible to administrators if the file system allows such
security. For private key security reasons, HP highly recommends that Windows installations of HP SMH
be installed on New Technology File System (NTFS).
IMPORTANT For Windows operating systems, the file system must be NTFS for the private key to have
administrator only access through the file.
If you feel that the private key has been compromised, the administrator can delete the
\hp\sslshare\cert.pem file and restart the server. This action causes HP SMH to generate a new
certificate and private key.
NOTE Certificate and private key generation only occur the first time HP SMH is started or when no certificate
and key pair exists.
A certificate from a certificate authority (CA), such as Verisign or Entrust, can be used to replace self-generated
certificates. These certificate and key files are shared with other HP Management software, such as HP
Systems Insight Manager.
Key and certificate information 43