Manualshelf

OSM Migration and Configuration Guide (G06.30+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
31323334353637383940
OSM Server-Based Components
OSM Migration and Configuration Guide527273-021
3-6
Enabling Secure Sockets Layer (SSL)
Enabling Secure Sockets Layer (SSL)
OSM (T0682G07 AAI or later) provides Secure Sockets Layer (SSL) support to provide
a secure connection between the OSM server, OSM Service Connection, and OSM
Notification Director. In addition to running OSM server version T0682G07 AAI or later,
you must use OSM Notification Director version T0632G07 AAN (or later) to take
advantage of SSL support.
Disabled by default, SSL must be enabled in your OSMCONF file by adding or setting
to “On” the following OSMCONF parameter:
UseSSL = On
Once enabled (you must restart $ZCMOM, if running), the first time you log on to the
OSM Service Connection, a dialog box asks you to trust the SSL certificate distributed
by Hewlett-Packard. Select Always.
The SSL support built into OSM relies on a “shared” SSL certificate. For maximum
security, HP recommends that you obtain your own private SSL certificate. OpenSSL
toolkits, available as shareware, can help you generate your own SSL certificate. Once
you get your own signed SSL certificate and key password, you must perform these
additional steps for OSM to recognize your SSL certificate:
1. Overwrite the following files in $SYSTEM.ZSERVICE with the versions you receive
with your signed SSL certificate:
°
CACERT
°
SERVCERT
°
SERVKEY
2. Add the following parameter to your OSMCONF file (restart $ZCMOM, if running) :
SERVKEYPASS = key_password
where key_password is your private password
3. To protect your password, HP recommends that you change your OSMCONF file
so it is readable only by the super.super user id.
Note. Secure Sockets Layer (SSL) must be enabled in order to use HP Systems Insight
Manager (SIM) in conjunction with OSM.
Note. If system discovery completes before you accept the SSL certificate, the OSM toolbar
might appear blank. If so, close that browser session, click Always to accept the certificate,
and open a new browser session to launch an OSM Service Connection session.