Manualshelf

HP System Management Homepage 7.0 Installation Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager for Windows
41424344454647484950
7 Initializing the software for the first time
After you have installed and configured HP SMH for the first time, a process to create a private
key and corresponding self-signed Base64-encoded certificate is initiated. This certificate is a
Base64-encoded PEM file.
Key and certificate information
In HP-UX operating systems, both public and private keys for HP SMH are stored in the /var/
opt/hpsmh/sslshare directory. The files are called file.pem (private key) and cert.pem
(server certificate).
With HP SMH running on Apache 2.2 (HP-UX 11iv3), the Apache Tomcat communication
requires certificate-based authentication through https connection on port 1188 (by default).
The certificate /var/opt/hpsmh/sslshare/proxy.pem, generated during installation,
is used for this purpose. For effective Apache Tomcat communication required to launch the
Java plug-ins, do not alter this certificate on the system.
In Linux operating systems, both public and private keys for HP SMH are stored in the /etc/
opt/hp/sslshare directory. The files are called file.pem and cert.pem.
In Windows operating systems, public and private keys are stored in the <System
Drive>:\hp\sslshare directory of the system drive.
To protect the keys, this subdirectory is only accessible to administrators if the file system allows
such security. For private key security reasons, HP recommends that you install Windows
installations of HP SMH on New Technology File System (NTFS).
IMPORTANT: For Windows operating systems, the file system must use NTFS for the private key
to have administrator only access through the file.
If the private key is compromised, you can delete the <System
Drive>:\hp\sslshare\cert.pem file and restart the server. This action causes HP SMH to
generate a new certificate and private key.
NOTE: Certificate and private key generation occurs only the first time HP SMH starts or when
no certificate and key pair exists.
A certificate from a certificate authority (CA), such as Verisign or Entrust, can replace self-generated
certificates. These certificate and key files are shared with other HP Management software, such
as HP SIM.
Key and certificate information 49