HP Web Jetadmin - Security and HP Web Jetadmin

Once the request has been fulfilled by the CA, the certificate is ready to be installed on the HP Web
Jetadmin application. Install Certificate is used to browse to and upload the certificate file. Once the
certificate is installed, the HTTP service enforces SSL. Any browser contact with HP Web Jetadmin
should indicate HTTPS on the URL line when SSL is enforced. Using the Remove Certificate control
uninstalls the certificate, and SSL is no longer enforced.
Important points to remember when implementing SSL
SSL-enforced client communication requires one or more of the following considerations:
1. When SSL has been implemented on HP Web Jetadmin with an internal CA, the CA’s authorizing
certificate is required to be installed in the client browser. If this certificate is not installed in the
client browser, the HP Web Jetadmin ClickOnce page fails to load.
2. Proxy servers tend to use the standard SSL port, which is 443. If the HP Web Jetadmin ClickOnce
page is being called through a proxy server, a redirect error may occur. This is due to the URL
being redirected to 443 rather than 8443, which is the port used by HP Web Jetadmin’s SSL. The
workaround for this problem is to place the HP Web Jetadmin FQDN (fully qualified domain
name) into the browser's exceptions list under Tools > Internet Options > Connections > LAN
Settings > Advanced. This causes the browser to pull HTTP and HTTPS content directly from the
HP Web Jetadmin server.
NOTE HP Web Jetadmin HTTP and HTTPS port numbers can be customized to something other
than 8000 and 8443. A procedure for implementing custom ports is outlined in the
online help for HP Web Jetadmin.
3. When a user has implemented SSL in HP Web Jetadmin, a redirect occurs when the browser URL
uses port 8000. For example:
Known URL prior to SSL implementation: http://servername.domain.domain.xxx:8000
After SSL implementation, HP Web Jetadmin redirects to the new URL:
HTTPS://servername.domain.domain.xxx:8443
4. The URLs shown here use FQDN. In most cases the certificate issued and installed in the HP Web
Jetadmin SSL implementation contains an FQDN for the host on which HP Web Jetadmin is
installed. If a non-FQDN is used in the browser, certificate failure occurs. As a general rule,
create the HP Web Jetadmin URL with FQDN when HP Web Jetadmin is implemented with SSL.
5. The server host FQDN used in the certificate must be DNS resolvable. If it is not, the client
application launch might fail.
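The checks in points 2 through 5 can be run against a client URL before it is handed to users. The following is an added example, not HP code: the function names, the host name wja01.corp.example.test and the sample certificate are constructed for illustration, and the default port 8443 is assumed. The certificate is passed in the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns.

```python
import socket
import ssl
from urllib.parse import urlsplit

WJA_HTTPS_PORT = 8443  # default from the page; change if custom ports are configured

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fall back to the subject CN only when no SAN is present
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return [n.lower() for n in names]

def name_matches(host, pattern):
    """Exact match, or a single left-most '*' label (e.g. *.corp.example.test)."""
    h, p = host.lower().rstrip(".").split("."), pattern.split(".")
    return len(h) == len(p) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def check_wja_url(url, cert, resolve=socket.getaddrinfo):
    """Return the list of problems a client would hit when using this URL."""
    parts = urlsplit(url)
    host, problems = parts.hostname or "", []
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if "." not in host:
        problems.append("host is not an FQDN")
    if not any(name_matches(host, n) for n in cert_dns_names(cert)):
        problems.append("host does not match any name in the certificate")
    if parts.scheme != "https" or port != WJA_HTTPS_PORT:
        problems.append(f"expected https on port {WJA_HTTPS_PORT}, got {parts.scheme}:{port}")
    try:
        resolve(host, port)  # point 5: the certificate FQDN must resolve in DNS
    except OSError:
        problems.append("host name does not resolve in DNS")
    return problems

def fetch_cert(host, port=WJA_HTTPS_PORT):
    """Live fetch; raises ssl.SSLCertVerificationError if the issuing CA is not trusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificate data (not taken from a real server).
SAMPLE_CERT = {"subject": ((("commonName", "wja01.corp.example.test"),),),
               "subjectAltName": (("DNS", "wja01.corp.example.test"),)}
```

Against a live server, pass the result of fetch_cert(host) as the cert argument; a verification error from fetch_cert corresponds to point 1, where the internal CA certificate is missing from the client's trust store.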
Certificates and backup/restore procedures
HP Web Jetadmin software contains backup/restore scripts, as well as instructions for qualifying and
using them. These scripts are designed to help the administrator save time when catastrophic
hardware, operating system (OS), or application failure occurs. Backup and restore scripts act on the
HP Web Jetadmin database as well as the HP Web Jetadmin settings files. Most software settings and
device data can be restored.
The certificate used to enforce HTTPS/SSL communications is not retained or restored during the
backup/restore processes. The certificate is installed in the local Windows certificate store. Two
outcomes are possible when utilizing HP Web Jetadmin restore scripts on a server that had
HTTPS/SSL enabled:
• If HP Web Jetadmin is restored to a host where the certificate is installed already, and if
  application settings had SSL enabled, HP Web Jetadmin enforces SSL using that certificate.
• If HP Web Jetadmin is restored onto a host where the certificate is not installed, and if SSL was
  enabled through application settings, HP Web Jetadmin runs without SSL enforced. A certificate
  must be installed onto the server using Tools > Options > Application Management > Certificates,