Manualshelf

HP WBEM Services Version A.02.07 Release Notes, September 2009

ManualsBrandsHP ManualsSoftwareHP-UX 11i WBEM Software
11121314151617181920
NOTE: HP-UX uses the cimservera executable in HP WBEM Services to provide the cimserver
with PAM Authentication services. For more information, see the HP WBEM Services for HP-UX
and Linux System Administrator's Guide (part number B8465-90017, chapter 3).
More about using Client Certificate-Based Authentication
Before making use of CBA, you must do the following:
1. Enable Certificate Based Authentication (CBA) using the cimconfig command. By default,
CBA is disabled. Refer to the cimconfig(1M) and cimtrust(1M) man pages for more
information.
2. Use the cimtrust command to include client certificates from the trust store in the
cimserver and associate that certificate with a system user.
3. The HTTPS connections must be enabled in order for the client to have its certificate
authenticated by HP WBEM Services.
NOTE: HP System Insight Manager (HP SIM) version 5.1 or later is able to use Certificate-Based
remote user authentication. For more information on certificate based remote user authentication,
see the HP SIM documentation.
Certificate Verification
CIM Clients
The CIM Client Interface supports the trust store and verification callback function as the
mechanisms for server certificate verification. The CIM Client applications can use one or both
of these mechanism to verify the server certificate.
wbemexec Client
The wbemexec command provides a command-line interface to a CIM server.
For more information about the wbemexec command, see the wbemexec man page.
wbemexec uses trust store for server certificate verification. Be sure to import the certificate in
/etc/opt/hp/sslshare/cert.pem from the system where the CIM Server is running to the client
system’s trust store.
For more information about certificates, see Importing Server Certificates into the Trust Store, below.
wbemexec’s SSL connection to CIM Server will fail if the server certificate is not found and
verified in the trust store.
wbemexec is not recommended for use in high-threat environments because wbemexec does
not do any additional certificate verifications, such as host-name or certificate-depth verification.
Managing Certificates
During the install process, if /etc/opt/hp/sslshare/cert.pem and /etc/opt/hp/
sslshare/file.pem files are found on the system, the following messages will be generated
in the install log:
NOTE: /etc/opt/hp/sslshare/cert.pem - SSL Certificate file already
exists. New certificates are not created.
The existing files, /etc/opt/hp/sslshare/cert.pem and /etc/opt/hp/sslshare/
file.pem may have been created by an earlier installation of HP WBEM Services A.02.05 or an
installation of other management applications on the system. These files will not be overwritten.
HP-UX example:
Security 11