HP WBEM Services Version A.02.07 Release Notes, September 2009
Here are two examples of updating certificates when an earlier version of HP WBEM Services
was already installed:
• Scenario 1: Using the default installed certificates from WBEM Services Version A.01.05:
It is recommended that after installing HP WBEM Services Version A.02.07, you do the
following:
1. Delete the existing /var/opt/wbem/server_2048.pem and/or
/var/opt/wbem/server.pem files and use the certificates in the
/etc/opt/hp/sslshare directory.
OR
2. Overwrite the new certificate in /etc/opt/hp/sslshare/cert.pem and the
private key in /etc/opt/hp/sslshare/file.pem with the existing certificate
and key in either the /var/opt/wbem/server_2048.pem or the
/var/opt/wbem/server.pem file. Before overwriting
/etc/opt/hp/sslshare/cert.pem and /etc/opt/hp/sslshare/file.pem, make sure
other products are not using the certificates in these files.
If the server certificate was copied to any other systems, then the certificate in the new
/etc/opt/hp/sslshare/cert.pem should be copied over to the trust store on
those other systems, replacing the earlier certificate.
NOTE: Use the ssltrustmgr command to add or remove certificates in a trust store.
For more information about the ssltrustmgr command, see the ssltrustmgr man
page.
• Scenario 2: Using custom certificates:
If using either self-signed or root-signed 512-bit or 1024-bit encryption certificates, it is
strongly recommended that you create new certificates with 2048-bit encryption.
If using CA certificates that are using 2048-bit encryption, it is recommended that you keep
them. If the CA certificates are not using 2048-bit encryption, it is recommended that you
get new CA certificates with 2048-bit encryption.
Importing Server Certificates to the Trust Store
CIM client applications should maintain a trust store in a <trust_store-name>.pem file. CIM
client applications must import the certificates stored in /etc/opt/hp/sslshare/cert.pem
into a trust store file on the client machine from various CIM server machines (ones the client
wants to connect to).
With C++ CIM client libraries, the trust store should be in PEM format.
To import a server certificate, copy the public certificate from the server to the client:
1. Copy the certificate (/etc/opt/hp/sslshare/cert.pem) from the system where HP
WBEM Services is installed.
NOTE: Do not copy the key in the /etc/opt/hp/sslshare/file.pem file. Copy only the
public certificate in the /etc/opt/hp/sslshare/cert.pem file.
2. Use the ssltrustmgr command to add the certificate (from cert.pem) to the trust store
<trust_store-name>.pem on the client machine.
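The following is an added example, not part of the HP release notes. These POSIX shell helpers support option 2 of Scenario 1 and the NOTE in step 1 above: they split a PEM file that holds certificate and key together into a certificate file and a key file, and check that a file destined for a client holds no private key. It is an assumption that the older server.pem files hold both in one PEM file; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a combined PEM with placeholder bodies (not real key material).
write_sample() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
}

# pem_labels FILE: print the label of every PEM block, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# is_cert_only FILE: succeed only if FILE holds at least one PEM block and
# every block is a CERTIFICATE, i.e. it is safe to hand to a client.
is_cert_only() {
    labels=$(pem_labels "$1")
    [ -n "$labels" ] || return 1
    echo "$labels" | grep -v '^CERTIFICATE$' >/dev/null && return 1
    return 0
}

# split_pem COMBINED CERT_OUT KEY_OUT: certificate blocks go to CERT_OUT,
# private-key blocks to KEY_OUT (mode 0600). Fails unless both were found.
split_pem() {
    ( umask 077; : > "$2"; : > "$3"
      awk -v c="$2" -v k="$3" '
        /^-----BEGIN .*PRIVATE KEY-----$/ { out = k }
        /^-----BEGIN CERTIFICATE-----$/   { out = c }
        out != "" { print $0 > out }
        /^-----END / { out = "" }
      ' "$1" ) || return 1
    chmod 600 "$3" && chmod 644 "$2" || return 1
    is_cert_only "$2" && [ -s "$3" ]
}
```

Run is_cert_only on any file before copying it to a client system; a non-zero exit status means the file contains something other than public certificates.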