HP-UX Workload Manager A.03.02.xx Release Notes for HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3

Security
This section highlights security items you should be aware of.
Relationship between host name and SSL certificates
SSL certificates are created when you install WLM. This enables WLM to run in secure mode
within the system on which it is installed. As of Version A.03.01, when you start WLM using
the “/sbin/init.d/wlm start” script, the script uses secure mode by default. This requires
that you distribute security certificates to all systems or partitions being managed by the
same WLM global arbiter (wlmpard). In addition, if you upgrade WLM and the
/etc/rc.config.d/wlm script had been modified prior to the upgrade, you must check that the
following variables in /etc/rc.config.d/wlm are enabled (set to 1):
WLMD_SECURE_ENABLE
WLMPARD_SECURE_ENABLE
WLMCOMD_SECURE_ENABLE
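The post-upgrade check described above, as an added example that is not part of HP's release notes: a POSIX shell function that reads /etc/rc.config.d/wlm without sourcing it and reports any of the three variables that is not set to 1. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the WLM secure-mode switches after an upgrade.
# Variable names and the default path come from the release notes; the
# function names and the sample file are constructed for illustration.
WLM_SECURE_VARS="WLMD_SECURE_ENABLE WLMPARD_SECURE_ENABLE WLMCOMD_SECURE_ENABLE"

# Print the effective value of variable $2 in rc-style file $1.
# Comment lines are skipped, "export" and quotes are stripped, last assignment wins.
wlm_effective_value() {
    sed -n \
        -e 's/^[[:space:]]*export[[:space:]][[:space:]]*//' \
        -e "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" \
        "$1" | tail -n 1
}

# Check each secure-mode variable in file $1 (default /etc/rc.config.d/wlm).
# Prints one line per variable; returns how many are not set to 1 (255 if unreadable).
wlm_check_secure() {
    cfg=${1:-/etc/rc.config.d/wlm}
    bad=0
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 255
    fi
    for var in $WLM_SECURE_VARS; do
        val=$(wlm_effective_value "$cfg" "$var")
        if [ "$val" = "1" ]; then
            echo "OK    $var=1"
        else
            echo "FAIL  $var=${val:-<unset>} (expected 1)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample of a file modified before the upgrade (not from a real system).
sample=${TMPDIR:-/tmp}/wlm.sample.$$
cat > "$sample" <<'EOF'
# WLM startup configuration (constructed sample)
WLMD_SECURE_ENABLE=1
#WLMPARD_SECURE_ENABLE=1
WLMCOMD_SECURE_ENABLE="0"
EOF
wlm_check_secure "$sample" || echo "$? variable(s) not set to 1 in sample"
rm -f "$sample"
```

A variable that is absent or commented out is reported as a failure, because the release notes ask for each of the three to be set to 1 explicitly.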
The name of each certificate created when you install WLM is based on the name of the host
where the certificate is generated. Thus, on host1, the certificate is named host1.pem. This
makes it easier for you to identify trusted systems. If you have not yet assigned a host name to
the system where WLM is being installed, the certificate is given the default name
loopback.pem. When you assign a name to the host, security will continue to work even if the
host name differs from the certificate name. To make the certificate name match the host
name, use the wlmcert command to remove the current certificate and then reset the
certificates. For more
information on security certificates and the wlmcert command, see wlmcert(1M). This and
other WLM manpages are also available at the following location:
http://www.hp.com/go/wlm
When using WLM to manage partitions, each partition must have in its truststore the
certificate of every other partition with which it is being managed.
NOTE: If you use Serviceguard on the system running wlmpard, any systems to which
wlmpard might fail over must have the same certificates installed in their
truststores as does the primary wlmpard node. Therefore, be sure to install the
certificates from the systems managed by that wlmpard on any systems to
which wlmpard might fail over. Also, install the certificates from all failover
systems to the systems being managed by that wlmpard.