Requirements for optional SSL encryption

This configuration is intended for customers who:

  • Do not want to create and maintain their own certificates
  • Do not want to take additional measures to protect against complex SSL-related attacks
  • Want to choose whether to enable SSL encryption from the client

Tip: Administrators can automatically enable the SSL encryption option for all web clients from the web.xml file, and from all Windows clients by deploying a customized client.

Certificates required
No additional certificates are required. HPE Service Manager provides the following certificates for SSL encryption out-of-the-box.
  • Keystore containing the certificate authority certificate – the default keystore is located in <Windows client installation path>\plugins\
  • Service Manager server certificate – the default certificate is located in <HPE Service Manager server installation folder>\RUN\smsrv.keystore
Private keys required
No additional private keys are required. HPE Service Manager provides the following private key for SSL encryption out-of-the-box.
  • HPE Service Manager server Private key – the default private key is located in <Service Manager server installation folder>\RUN\smsrv.keystore
Parameters required in the server configuration file (sm.ini)
  • No additional initialization parameters are required when using optional SSL encryption.
  • Optional SSL encryption does not require enabling SSL:1.

Note: If you are using optional SSL encryption, no additional initialization parameters are required. Once you enable SSL encryption, it is no longer optional.

Parameters required in the web tier configuration file (web.xml)
You can set the following web parameter to enable SSL encryption for web clients.
  • ssl – true
Windows client preferences required
You can set the following preference from the Connections > Advanced menu.
  • Use SSL Encryption – Encrypts communications from Windows client using the server's certificate
If you enable SSL encryption, then you must set the following preference from the Window > Preferences > HPE Service Manager > Security menu.
  • CA certificates file – identify the keystore containing the server's certificate authority certificate. The default keystore file is located in <Windows client installation path>\plugins\
Other requirements