HP Integrity rx5670 HP System Management Homepage Installation Guide - Page 59
Initializing the software for the first time, Key and certificate information
View all HP Integrity rx5670 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 59 highlights
10 Initializing the software for the first time After you have installed and configured HP SMH for the first time, a process to create a private key and corresponding self-signed Base64-encoded certificate is initiated. This certificate is a Base64-encoded PEM file. Key and certificate information • In HP-UX operating systems, both public and private keys for HP SMH are stored in the /var/opt/hpsmh/sslshare directory. The files are called file.pem (private key) and cert.pem (server certificate). • In Linux operating systems, both public and private keys for HP SMH are stored in the /etc/opt/hp/sslshare directory. The files are called file.pem and cert.pem. • In Windows operating systems, public and private keys are stored in the :\hp\sslshare directory of the system drive. To protect the keys, this subdirectory is only accessible to administrators if the file system allows such security. For private key security reasons, HP recommends that you install Windows installations of HP SMH on New Technology File System (NTFS). IMPORTANT: For Windows operating systems, the file system must use NTFS for the private key to have administrator only access through the file. If the private key is compromised, you can delete the :\hp\sslshare\cert.pem file and restart the server. This action causes HP SMH to generate a new certificate and private key. NOTE: Certificate and private key generation occurs only the first time HP SMH starts or when no certificate and key pair exists. A certificate from a certificate authority (CA), such as Verisign or Entrust, can replace self-generated certificates. These certificate and key files are shared with other HP Management software, such as HP SIM. Key and certificate information 59