HP WBEM Services Version A.02.05, Release Notes, December 2007
HP WBEM Services Version A.02.05, Release Notes
Security
Chapter 1 11
Security
HP WBEM Services supports four connection points
• HTTP port
• HTTPS (HTTP Secure) port
• HTTPS port for Export Connections
• a Unix domain socket for local connections
HP WBEM Services uses dedicated ports for CIM-XML traffic. The ports 5988 (HTTP TCP/IP
communication) and 5989 (HTTPS TCP/IP communication) are dedicated for CIM-XML
communications between CIM Clients and the CIM Server. The port defined by the service
name wbem-exp-https (HTTPS TCP/IP communication) is dedicated for CIM-XML
communication between the Indication sender and the CIM Server (Indication receiver). The
HTTP and the two HTTPS connection points may be disabled using the cimconfig command
line utility. However, the Unix domain socket connection is always enabled when the CIM
Server is running.
SSL Support
With HTTPS connections enabled, HP WBEM Services uses SSL (Secure Sockets Layer) for
all communications, with server-side certificates that are trusted by the management
application. HP WBEM Services uses OpenSSL to support HTTPS connections.
NOTE OpenSSL is an open source cryptography toolkit that implements the network
protocols and related cryptography standards of SSL v2/v3 and TLS (Transport
Layer Security). For more information about OpenSSL, go to
http://www.openssl.org.
HP WBEM Services supports only SSL v3 and TLS protocols.
On the HTTPS port, CIM clients are required to use SSL to establish connections with the
CIM Server and to send CIM requests.
To disable the HTTPS port, use the cimconfig command to set the planned value of the CIM
Server configuration property enableHttpsConnection to false. Be sure the planned value
for enableHttpConnection is set to true and restart the CIM Server.