HP-UX AAA Server A.08.02 Administrator's Guide
6. Change the “secret” portion to the same value configured in Step 3.
IMPORTANT: The rmi.config.secret in /opt/aaa/remotecontrol/rmiserver.properties
and in /opt/hpws22/tomcat/webapps/aaa/WEB-INF/gui.properties must be identical.
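The following check is an added example, not part of the HP guide: it confirms that rmi.config.secret is identical in the two files without printing the secret. It assumes plain "key=value" or "key:value" property lines; the function names and the sample value are constructed for illustration.

```shell
# Added example, not HP's code: confirm rmi.config.secret is identical in both
# files without printing the secret. Default paths are the ones in the guide.
RMI_PROPS=${RMI_PROPS:-/opt/aaa/remotecontrol/rmiserver.properties}
GUI_PROPS=${GUI_PROPS:-/opt/hpws22/tomcat/webapps/aaa/WEB-INF/gui.properties}

# Print the value of rmi.config.secret from a properties file.
# Assumption: plain "key=value" or "key:value" lines, last definition wins.
# Trailing blanks are kept (Java keeps them); a DOS carriage return is dropped.
get_secret() {
    tr -d '\r' < "$1" |
        sed -n 's/^[[:space:]]*rmi\.config\.secret[[:space:]]*[=:][[:space:]]*//p' |
        tail -n 1
}

# Exit status: 0 identical, 1 different, 2 unreadable file or missing key.
check_rmi_secret() {
    for f in "$1" "$2"; do
        [ -r "$f" ] || { echo "ERROR: cannot read $f" >&2; return 2; }
    done
    a=$(get_secret "$1")
    b=$(get_secret "$2")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "ERROR: rmi.config.secret missing or empty" >&2
        return 2
    fi
    if [ "$a" = "$b" ]; then
        echo "OK: rmi.config.secret matches"
        return 0
    fi
    # A trailing blank is invisible in an editor, so report that case separately.
    ta=$(printf '%s' "$a" | sed 's/[[:space:]]*$//')
    tb=$(printf '%s' "$b" | sed 's/[[:space:]]*$//')
    if [ "$ta" = "$tb" ]; then
        echo "MISMATCH: values differ only by trailing whitespace" >&2
    else
        echo "MISMATCH: rmi.config.secret differs between $1 and $2" >&2
    fi
    return 1
}

# Demo on constructed files (sample value, not a real secret).
demo=${TMPDIR:-/tmp}/rmi_secret_demo.$$
if (umask 077 && mkdir "$demo"); then
    printf 'rmi.config.secret=Sample-Value-1\n' > "$demo/rmi"
    printf 'rmi.config.secret=Sample-Value-1 \n' > "$demo/gui"
    check_rmi_secret "$demo/rmi" "$demo/gui" || echo "check exited with status $?"
    rm -rf "$demo"
fi
```

On the server, call check_rmi_secret "$RMI_PROPS" "$GUI_PROPS" as a user that can read both files.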
Changing the Default test_user Settings
HP recommends changing the default test_users password. This password can be changed
only after starting the Server Manager. More information on how to change the default test_users
password is provided in “Changing the Default test_user Settings” (page 88).
Changing the Default localhost Proxy Settings
HP recommends changing the default localhost proxy settings. This setting can be changed
only after starting the Server Manager. More information on how to change the default localhost
proxy settings is provided in “Changing the Default localhost Proxy Settings” (page 81).
Environment Specific Security Procedures
Depending on your environment needs, you can perform any of the following steps for additional
security:
Using Secure Socket Layer (SSL) for Secured Remote Server Manager Administration
Use the following steps to configure SSL (HTTPS):
1. Generate a certificate for Tomcat to establish the SSL connection. Use the following steps to
   create a self-signed certificate with the Java command line keytool utility:
   1. Remove $HOME/.keystore if it already exists.
   2. Enter the following command:
      $ export JAVA_HOME=/opt/java1.5
   3. Enter the following command:
      $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
   4. Enter a password for the key store when prompted.
   5. Enter the certificate information (company, contact name, etc.) when prompted. This
      information must be accurate because it is displayed to users who attempt to administer
      Server Manager.
   6. Enter a password for the key when prompted. Use the same password you used for the
      key store.
2. Uncomment the following underlined comments in /opt/hpws22/tomcat/conf/server.xml:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true"
           useURIValidationHack="false">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" />
</Connector>
-->
3. Add the keystorePass attribute to the uncommented field in /opt/hpws22/tomcat/conf/server.xml
   to establish the key store and key password on Tomcat. Add the keystorePass attribute as
   shown in the following: