OSM Migration Guide (G06.29+)
OSM Server-Based Components
OSM Migration Guide—527273-018
3-6
Enabling Secure Sockets Layer (SSL)
Enabling Secure Sockets Layer (SSL)
OSM (T0682G07 AAI or later) provides Secure Sockets Layer (SSL) support to provide
a secure connection between the OSM server, OSM Service Connection, and OSM
Notification Director. In addition to running OSM server version T0682G07 AAI or later,
you must use OSM Notification Director version T0632G07 AAN (or later) to take
advantage of SSL support.
Disabled by default, SSL must be enabled in your OSMCONF file by adding or setting
to “On” the following OSMCONF parameter:
UseSSL = On
Once enabled (you must restart $ZCMOM, if running), you might see an additional
dialog box the first time you log on to the OSM Service Connection, asking you to trust
the SSL certificate distributed by Hewlett-Packard. To use SSL, you must select
Always or Yes. If you select Always, you will not be prompted again in subsequent
OSM logon attempts.
The SSL support built into OSM relies on a “shared” SSL certificate. For maximum
security, HP recommends that you obtain your own private SSL certificate. OpenSSL
toolkits, available as shareware, can help you generate your own SSL certificate. Once
you get your own signed SSL certificate and key password, you must perform these
additional steps for OSM to recognize your SSL certificate:
1. Overwrite the following files in $SYSTEM.ZSERVICE with the versions you receive
with your signed SSL certificate:
°
CACERT
°
SERVCERT
°
SERVKEY
2. Add the following parameter to your OSMCONF file (restart $ZCMOM, if running) :
SERVKEYPASS = key_password
where key_password is your private password
3. To protect your password, HP recommends that you change your OSMCONF file
so it is readable only by the super.super user id.
Note. Secure Sockets Layer (SSL) must be enabled in order to use HP Systems Insight
Manager (SIM) in conjunction with OSM.