HP WBEM Services Version A.02.07, Release Notes, March 2008

Table Of Contents

HP WBEM Services Version A.02.07, Release Notes

Security

Chapter 120

• Scenario 2: Using custom certificates:

If using either self-signed or root-signed 512-bit or 1024-bit encryption certificates, it is

strongly recommended that you create new certificates with 2048-bit encryption.

If using CA certificates that are using 2048-bit encryption, it is recommended that you

keep them. If the CA certificates are not using 2048-bit encryption, it is recommended

that you get new CA certificates with 2048-bit encryption.

Importing Server Certificates to the Trust Store

CIM client applications should maintain a trust store in a <trust_store-name>.pem file.

CIM client applications must import the certificates stored in

/etc/opt/hp/sslshare/cert.pem into a trust store file on the client machine from various

CIM server machines (ones the client wants to connect to).

With C++ CIM client libraries, the trust store should be in PEM format.

To import a server certificate, copy the public certificate from the server to the client:

1. Copy the certificate (/etc/opt/hp/sslshare/cert.pem) from the system where HP

WBEM Services is installed.

NOTE Do not copy the key in the /etc/opt/hp/sslshare/file.pem, copy only

the public certificate in the /etc/opt/hp/sslshare/cert.pem file.

2. Use the ssltrustmgr command to add the certificate (from cert.pem) to the trust store

<trust_store-name>.pem on the client machine.

NOTE The wbemexec command uses the file /etc/opt/hp/sslshare/client.pem

as its trust store. Import the server certificates for this client into the

/etc/opt/hp/sslshare/client.pem file.