HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)

6. Change the “secret” portion to the same value configured in Step 3.
IMPORTANT: The rmi.config.secret in /opt/aaa/remotecontrol/rmiserver.properties
and in /opt/hpws22/tomcat/webapps/aaa/WEB-INF/gui.properties must be identical.
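The following script is an added example, not part of the HP guide: it checks that rmi.config.secret is identical in the two files named above without displaying the value. It assumes both files use plain key=value Java properties lines; the function names and the --check argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the HP guide): confirm rmi.config.secret matches
# in both files without printing the secret itself.
# Assumption: both files contain plain Java-properties "key=value" lines.
RMI_PROPS=${RMI_PROPS:-/opt/aaa/remotecontrol/rmiserver.properties}
GUI_PROPS=${GUI_PROPS:-/opt/hpws22/tomcat/webapps/aaa/WEB-INF/gui.properties}

# get_prop FILE KEY: print the value of the last uncommented KEY=value line.
# Blanks after "=" are dropped; trailing blanks are kept, because Java
# treats them as part of the value (an easy way to get a silent mismatch).
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                  # skip comment lines
        {
            line = $0; sub(/\r$/, "", line)     # tolerate CRLF files
            pos = index(line, "="); if (pos == 0) next
            k = substr(line, 1, pos - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            v = substr(line, pos + 1); sub(/^[ \t]+/, "", v); found = 1
        }
        END { if (!found) exit 1; print v }
    ' "$1"
}

# check_secrets RMI_FILE GUI_FILE
# Returns 0 if the secrets match, 1 if they differ, 2 if one is missing/empty.
check_secrets() {
    for f in "$1" "$2"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done
    s1=$(get_prop "$1" rmi.config.secret) || { echo "rmi.config.secret not set in $1" >&2; return 2; }
    s2=$(get_prop "$2" rmi.config.secret) || { echo "rmi.config.secret not set in $2" >&2; return 2; }
    [ -n "$s1" ] && [ -n "$s2" ] || { echo "rmi.config.secret is empty" >&2; return 2; }
    if [ "$s1" = "$s2" ]; then
        echo "OK: rmi.config.secret matches in both files"
        return 0
    fi
    echo "MISMATCH: rmi.config.secret differs (lengths ${#s1} and ${#s2})" >&2
    return 1
}

# Run against the installed files only when called with --check.
if [ "${1:-}" = "--check" ]; then
    check_secrets "$RMI_PROPS" "$GUI_PROPS"
fi
```

Run it as root with --check after completing Step 6; differing lengths in the mismatch message usually point to a stray trailing blank in one of the files.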
Changing the Default test_user Settings
HP recommends changing the default test_user password. This password can be changed
only after starting the Server Manager. More information on how to change the default test_user
password is provided in “Changing the Default test_user Settings” (page 89).
Changing the Default localhost Proxy Settings
HP recommends changing the default localhost proxy settings. This setting can be changed
only after starting the Server Manager. More information on how to change the default localhost
proxy settings is provided in “Changing the Default localhost Proxy Settings” (page 82).
Environment Specific Security Procedures
Depending on the needs of your environment, you can perform any of the following steps for
additional security:
Using Secure Socket Layer (SSL) for Secured Remote Server Manager Administration
Use the following steps to configure SSL (HTTPS):
1. Generate a certificate for Tomcat to establish the SSL connection. Use the following steps to
create a self-signed certificate with the Java command line keytool utility:
   1. Remove $HOME/.keystore if it already exists.
   2. Enter the following command:
      $ export JAVA_HOME=/opt/java6
   3. Enter the following command:
      $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
   4. Enter a password for the key store when prompted.
   5. Enter the certificate information (company, contact name, etc.) when prompted. This
      information must be accurate because it is displayed to users who attempt to administer
      Server Manager.
   6. Enter a password for the key when prompted. Use the same password you used for the
      key store.
2. Uncomment the following Connector element in /opt/hpws22/tomcat/conf/server.xml by
removing the <!-- and --> lines that enclose it:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration. When using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="8443"
protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150"
scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"/>
-->
3. Add the keystorePass attribute to the uncommented Connector element in
/opt/hpws22/tomcat/conf/server.xml to establish the key store and key password on Tomcat.
Add the keystorePass attribute as shown in the following: