Manualshelf

HP WBEM Services Version A.02.07 Release Notes, September 2008, Second Edition

ManualsBrandsHP ManualsSoftwareHP-UX 11i WBEM Software
11121314151617181920
1. Delete the existing /var/opt/wbem/server_2048.pemand/or
/var/opt/wbem/server.pem files and use the certificates in
/etc/opt/hp/sslshare directory.
OR
2. Overwrite the new certificate in /etc/opt/hp/sslshare/cert.pem and the
private key in /etc/opt/hp/sslshare/file.pem with the existing certificate
and key in either /var/opt/wbem/server_2048.pem or
/var/opt/wbem/server.pem files. Before
overwriting/etc/opt/hp/sslshare/cert.pem and /etc/opt/hp/sslshare/file.pem
make sure other products are not using the certificates in these files.
If the server certificate was copied to any other systems, then the certificate
in new /etc/opt/hp/sslshare/cert.pem should be copied over to the trust
store on those other systems replacing the earlier certificate.
NOTE: Use the ssltrustmgr command to add or remove certificates in a trust
store. For more information about the ssltrustmgr command, see the
ssltrustmgr man page.
Scenario 2: Using custom certificates:
If using either self-signed or root-signed 512-bit or 1024-bit encryption certificates,
it is strongly recommended that you create new certificates with 2048-bit encryption.
If using CA certificates that are using 2048-bit encryption, it is recommended that
you keep them. If the CA certificates are not using 2048-bit encryption, it is
recommended that you get new CA certificates with 2048-bit encryption.
Importing Server Certificates to the Trust Store
CIM client applications should maintain a trust store in a <trust_store-name>.pem
file. CIM client applications must import the certificates stored in
/etc/opt/hp/sslshare/cert.pem into a trust store file on the client machine from
various CIM server machines (ones the client wants to connect to).
With C++ CIM client libraries, the trust store should be in PEM format.
To import a server certificate, copy the public certificate from the server to the client:
1. Copy the certificate (/etc/opt/hp/sslshare/cert.pem) from the system where HP
WBEM Services is installed.
NOTE: Do not copy the key in the /etc/opt/hp/sslshare/file.pem, copy only the
public certificate in the /etc/opt/hp/sslshare/cert.pem file.
2. Use the ssltrustmgr command to add the certificate (from cert.pem) to the trust
store <trust_store-name>.pem on the client machine.
16 HP WBEM Services Version A.02.07 Release Notes