HP WBEM Services Version A.02.07 Release Notes, September 2008, Second Edition

For more information about the wbemexec command, see the wbemexec man page.

wbemexec uses trust store for server certificate verification. Be sure to import the

certificate in /etc/opt/hp/sslshare/cert.pem from the system where the CIM Server is

running to the client system’s trust store.

For more information about certificates, see Importing Server Certificates into the Trust

Store, below.

wbemexec’s SSL connection to CIM Server will fail if the server certificate is not found

and verified in the trust store.

wbemexec is not recommended for use in high-threat environments because wbemexec

does not do any additional certificate verifications, such as host-name or certificate-depth

verification.

Managing Certificates

During the install process, if /etc/opt/hp/sslshare/cert.pem and

/etc/opt/hp/sslshare/file.pem files are found on the system, the following messages will

be generated in the install log:

NOTE: /etc/opt/hp/sslshare/cert.pem - SSL Certificate file

already exists. New certificates are not created.

The existing files, /etc/opt/hp/sslshare/cert.pem and /etc/opt/hp/sslshare/file.pem may

have been created by an earlier installation of HP WBEM Services A.02.05 or an

installation of other management applications on the system. These files will not be

overwritten.

HP-UX example:

Here are two examples of updating certificates when an earlier version of HP WBEM

Services was already installed:

• Scenario 1: Using the default installed certificates from WBEM Services Version

A.01.05:

It is recommended that after installing HP WBEM Services Version A.02.07, you

do the following:

Security 15