HP WBEM Services Version A.02.07, Release Notes, March 2008

Table Of Contents

HP WBEM Services Version A.02.07, Release Notes

Security

Chapter 1 19

Managing Certificates

During the install process, if /etc/opt/hp/sslshare/cert.pem and/or

/etc/opt/hp/sslshare/file.pem files are found on the system, the following messages will

be generated in the install log:

NOTE: /etc/opt/hp/sslshare/cert.pem - SSL Certificate file already exists.

New certificates are not created.

The existing files, /etc/opt/hp/sslshare/cert.pem and

/etc/opt/hp/sslshare/file.pem may have been created by an earlier installation of HP

WBEM Services A.02.07 or an installation of other management applications on the system.

These files will not be overwritten.

HP-UX example:

Here are two examples of updating certificates when an earlier version of HP WBEM Services

was already installed:

• Scenario 1: Using the default installed certificates from WBEM Services Version A.01.05:

It is recommended that after installing HP WBEM Services Version A.02.07, you do the

following:

— Delete the existing /var/opt/wbem/server_2048.pem and/or

/var/opt/wbem/server.pem files and use the certificates in

/etc/opt/hp/sslshare directory.

— Overwrite the new certificate in /etc/opt/hp/sslshare/cert.pem and the

private key in /etc/opt/hp/sslshare/file.pem with the existing certificate and

key in either /var/opt/wbem/server_2048.pem or /var/opt/wbem/server.pem

files. Before overwriting/etc/opt/hp/sslshare/cert.pem and

/etc/opt/hp/sslshare/file.pem make sure other products are not using the

certificates in these files.

If the server certificate was copied to any other systems, then the certificate in

new /etc/opt/hp/sslshare/cert.pem should be copied over to the trust store

on those other systems replacing the earlier certificate.

NOTE Use the ssltrustmgr command to add or remove certificates in a trust

store. For more information about the ssltrustmgr command, see the

ssltrustmgr man page.