HP WBEM Services Version A.02.11.00 Release Notes HP-UX 11i v3 (766167-001, March 2014)

1. Delete the existing /var/opt/wbem/server_2048.pem and /var/opt/wbem/

server.pem files and use the certificates in the /etc/opt/hp/sslshare directory.

2. Overwrite the new certificate in the /etc/opt/hp/sslshare/cert.pem file and the

private key in the /etc/opt/hp/sslshare/file.pem file with the existing certificate

and key in either /var/opt/wbem/server_2048.pem or /var/opt/wbem/

server.pem files. Before overwriting the /etc/opt/hp/sslshare/cert.pem and

/etc/opt/hp/sslshare/file.pem files ensure other products are not using the

certificates in these files.

If the server certificate was copied to any other systems, then the certificate in new the

/etc/opt/hp/sslshare/cert.pem file should be copied to the trust store on those

other systems replacing the earlier certificate.

NOTE: Use the ssltrustmgr command to add or remove certificates in a trust store.

For more information about the ssltrustmgr command, see the ssltrustmgr manpage.

• Scenario 2: Using custom certificates.

If you are using either the self-signed or root-signed 512-bit or 1024-bit encryption certificates,

then HP recommends that you create new certificates with 2048-bit encryption.

If you using CA certificates that are using 2048-bit encryption, then HP recommends that you

retain them. If the CA certificates are not using 2048-bit encryption, HP recommends that you

create new CA certificates with 2048-bit encryption.

Importing server certificates to trust store

CIM client applications must maintain a trust store in the <trust_store-name>.pem file. The

CIM client applications must import the certificates stored in /etc/opt/hp/sslshare/cert.pem

to a trust store file on the client machine from various CIM Server machines (machines that the

client wants to connect to).

With C++ CIM client libraries, the trust store should be in PEM format.

To import a server certificate, copy the public certificate from the server to the client application:

1. Copy the certificate (/etc/opt/hp/sslshare/cert.pem) from the system where HP

WBEM Services is installed.

NOTE: Do not copy the key in the /etc/opt/hp/sslshare/file.pem, copy only the

public certificate in the /etc/opt/hp/sslshare/cert.pem file.

2. Use the ssltrustmgr command to add the certificate (from cert.pem) to the trust store

<trust_store-name>.pem on the client machine.

NOTE: The wbemexec command uses the file /etc/opt/hp/sslshare/client.pem

as its trust store. Import the server certificates for this client into the /etc/opt/hp/sslshare/

client.pem file.

Standard conformance

This version of the HP WBEM Services product complies with the following standards:

• CIM Operations over HTTP, Version 1.2

• Representation of CIM in XML, Version 2.2

• CIM Infrastructure Specification, Version 2.3

• CIM Schema, Version 2.28

Standard conformance 11