HP WBEM Services Version A.02.11.00 Release Notes HP-UX 11i v3 (766167-001, March 2014)

Using CBA (Certificate Based Authentication)
To use the CBA (Certificate Based Authentication) method, you must do the following:
1. Use the cimconfig command to enable CBA. By default, CBA is disabled. For more
information, see the cimconfig(1M) and cimtrust(1M) manpages.
2. Use the cimtrust command to include the client certificates from the trust store in the
cimserver and associate each certificate with a system user.
3. Enable HTTPS connections so that the client can authenticate with its certificate to HP WBEM Services.
NOTE: HP System Insight Manager (HP SIM) Version 5.1 or later enables you to use CBA for
remote users. For more information on CBA for remote users, see the HP SIM documentation.
Certificate verification
CIM client
The CIM client interface supports the trust store and a verification callback function for server certificate
verification. CIM client applications can use one or both of these mechanisms to verify the server
certificate.
Using wbemexec command
The wbemexec command provides a command-line interface to the CIM Server.
The wbemexec command uses the trust store for server certificate verification. Be sure to import
the certificate in the /etc/opt/hp/sslshare/cert.pem file from the system where the CIM
Server is running to the client system’s trust store.
For more information about the wbemexec command, see the wbemexec manpage.
For more information about certificates, see “Importing server certificates to trust store” (page 11).
The wbemexec command SSL connection to the CIM Server will fail if the server certificate is not
found and verified in the trust store.
The wbemexec command is not recommended for use in high-threat environments because
wbemexec does not provide any additional certificate verifications, such as host-name or
certificate-depth verification.
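The checks that trust-store verification alone does not cover, host name and certificate depth, are the kind a client verification callback can add. The following is an added example, not code from HP WBEM Services or these release notes; the function names, the depth limit of 2, and the sample certificate (in the dict layout returned by Python's ssl.SSLSocket.getpeercert()) are assumptions constructed for illustration.

```python
import ipaddress

MAX_CHAIN_DEPTH = 2  # assumed policy: at most two CA certificates above the leaf


def _dns_match(pattern: str, host: str) -> bool:
    """Match a certificate DNS name; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so that "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def host_matches(peercert: dict, host: str) -> bool:
    """Compare the host the client dialled with the certificate's subjectAltName."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, so treat it as a DNS name
    for kind, value in peercert.get("subjectAltName", ()):
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return True
        elif ip is None and kind == "DNS" and _dns_match(value, host):
            return True
    return False


def verify_server(peercert: dict, host: str, chain_depth: int, in_trust_store: bool):
    """Return (accepted, reason); chain_depth counts CA certificates above the leaf."""
    if not in_trust_store:
        return False, "not in trust store"
    if chain_depth > MAX_CHAIN_DEPTH:
        return False, "chain too deep"
    if not host_matches(peercert, host):
        return False, "host name mismatch"
    return True, "ok"


# Constructed sample certificate fields (not taken from a real CIM Server).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "cimserver.example.com"), ("IP Address", "192.0.2.10")),
}
```

A certificate that is present in the trust store but presented by a different host passes a trust-store-only check; here it is rejected with "host name mismatch".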
Managing certificates
During the installation process, if the /etc/opt/hp/sslshare/cert.pem and
/etc/opt/hp/sslshare/file.pem files are found on the system, the following message is generated in
the install log:
NOTE: /etc/opt/hp/sslshare/cert.pem - SSL Certificate file already
exists. New certificates are not created.
The existing files, /etc/opt/hp/sslshare/cert.pem and /etc/opt/hp/sslshare/file.pem,
might have been created by an earlier installation of HP WBEM Services A.02.05 or
an installation of other management applications on the system. These files will not be overwritten.
HP-UX example:
The following examples describe how to update certificates when an earlier version of HP WBEM
Services is already installed:
Scenario 1: Using the default installed certificates from HP WBEM Services version A.01.05.
HP recommends that after installing HP WBEM Services Version A.02.07, you do the following:
10 HP WBEM Services version A.02.11.04 release notes