HP Web Jetadmin - Security and HP Web Jetadmin
7
Figure 7—Certificates notice
Managing role permissions and user assignments
As already noted, user/role assignments, role permissions, and even local/domain user groups can
be edited and changed. When managing these items, a few rules should be kept in mind:
• As users have role permission changes applied to them, the display interface does not change to
reflect (hide) feature access changes until the next time the user logs into the application.
• As users have role permission changes applied to them, access to restricted features are blocked
and the users experience an “access denied” message from the application in areas where
feature restrictions have been implemented.
• Scheduled tasks implemented by users with role permissions changes or authorization removals
remain intact and are not affected by user/role or permissions changes.
HTTPS and SSL (Secure Sockets Layer)
HP Web Jetadmin administrators can
enable the SSL (secure sockets layer) on
HP Web Jetadmin. This forces browser
communication to the more secure HTTPS
protocol. SSL is enabled by the
administrator from the console or host
running the application. A notice occurs
when users try to enable this feature from
a remote client (see Figure 7).
Prior to HP Web Jetadmin 10, SSL was
enabled by default and the primary client interface went through a web browser. SSL is not enabled
by default on HP Web Jetadmin 10.x for several reasons:
• HP Web Jetadmin 10.x does not use a browser as a primary application interface
• HP Web Jetadmin 10.x’s HTTP service provides minimal or limited functionality and is not core to
client/server communication; .NET Remoting provides data encryption and user authentication
• Self-signed certificates cannot be used unless all clients have the appropriate CA (certificate
authority) installed
In some environments, SSL is required every time an HTTP interface or service is being used for
communication and can be enabled and enforced by the administrator. When SSL is enforced, it
provides an industry-acceptable protocol for both authentication and encryption of HTTP
communication. A host requesting access to the HP Web Jetadmin ClickOnce client download is
assured that the system hosting HP Web Jetadmin is authentic and that communication between the
two systems is encrypted.
Certificates are used by the SSL
protocol to accommodate both
authentication and encryption.
HP Web Jetadmin is capable of
generating a signing request that
can be used by a CA for the
purpose of generating a
certificate. From the application
console only, the user can
generate a signing request
through Tools > Options >
Application Management >
Server Certificates (see Figure 8).
Figure 8—Server certificates