HP WBEM Services Version A.02.07 Release Notes, September 2008, Second Edition
SSL Support
With HTTPS connections enabled, HP WBEM Services uses SSL (Secure Sockets Layer)
for all communications, with server-side certificates that are trusted by the management
application. HP WBEM Services uses OpenSSL to support HTTPS connections.
NOTE: OpenSSL is an open source cryptography toolkit that implements the network
protocols and related cryptography standards of SSL v2/v3 and TLS (Transport Layer
Security). For more information about OpenSSL, go to http://www.openssl.org.
HP WBEM Services supports only SSL v3 and TLS protocols.
On the HTTPS port, CIM clients are required to use SSL to establish connections with
the CIM Server and to send CIM requests.
To disable the HTTPS port, use the cimconfig command to set the planned value of
the CIM Server configuration property enableHttpsConnection to false. Be sure
the planned value for enableHttpConnection is set to true and restart the CIM
Server.
To disable the Export HTTPS port, use the cimconfig command to set the planned
value of the configuration property enableSSLExportClientVerification to
false and restart the CIM Server.
Local User Authentication
The CIM Server automatically authenticates local connections - that is connections
established using the connectLocal method in the CIMClient interface. This
eliminates the need for the user to specify a user name or password when issuing
management commands on the local system.
The UNIX domain socket connection point is used for local connections, so this traffic
is not visible on the network interconnect.
Remote User Authentication
The CIM Server can authenticate remote users by:
• HTTP Basic Authentication
• Certificate Based Authentication (CBA)
The following table details each remote authentication option in greater detail.
12 HP WBEM Services Version A.02.07 Release Notes