Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- Secure Sockets Layer (SSL) configuration options
- Requirements for required SSL encryption
- Requirements for required SSL encryption and client authentication
- Example: Enabling required SSL encryption and client authentication
- Example: Generating a client certificate with OpenSSL
- Example: Generating a server certificate with OpenSSL
- Example: Viewing the contents of a cacerts file
- Add a client certificate to the web tier
- Add a client certificate to the Windows client
- Update the cacerts keystore file
- Use keytool to create a certificate request
- Use keytool to create a private key
- Requirements for required SSL encryption and trusted clients
- Enable SSL encryption for external Web Services
- Enable SSL encryption for published Web Services
Requirements for required SSL encryption and client authentication
This configuration is intended for customers who:
- Want to require SSL encryption for all connections
- Want to protect against complex SSL-related attacks
- Want to authenticate that the HPE Service Manager server is a valid host
- Want to authenticate that the HPE Service Manager clients are valid hosts
- Certificates required
- You must create or obtain the following certificates for SSL encryption.
- Certificate authority certificate *
- Keystore containing the certificate authority certificate *
- HPE Service Manager server certificate
- Web tier certificate
- Windows client certificates
- * A typical SSL configuration uses a single certificate authority to issue certificates for all authenticated components. If, however, you use multiple certificate authorities to sign your certificates, then you need to obtain a certificate for each certificate authority.
- Private keys required
- You must create or obtain the following private keys for SSL encryption.
- Certificate authority's private key *
- HPE Service Manager server's private key
- * This key is only necessary if you are managing your own private certificate authority.
- Parameters required in the server configuration file (sm.ini)
-
- keystoreFile – identify the keystore file containing the HPE Service Manager server's certificate and private key
- keystorePass – identify the password to the keystore file containing the HPE Service Manager server's certificate and private key
- ssl:1
- ssl_reqClientAuth:1
- sslConnector:1
- truststoreFile – identify the keystore file containing the certificate authority's certificate
- truststorePass – identify the password to the keystore file containing the certificate authority's certificate
- Parameters required in the web tier configuration file (web.xml)
- You must set the following web parameters.
-
- cacerts – identify the keystore file containing the certificate authority that signed the server's certificate
- keystore – identify the keystore containing the web tier's client certificate
- customize-folder – specify the absolute path to a folder on the web tier host in which the webtier.properties file is located
- Parameter required in the <Customize-Folder>/config/webtier.properties file
- You must set the following web parameter:
- keystorePassword – identify the password for the web tier's keystore
-
Note The keystorePassword parameter has been removed from the web tier configuration file (
web.xml
) since Service Manager 9.34p2. You must enter your web client keystore password in a webtier.properties file. For details, see Encryption of client keystore passwords. - Windows client preferences required
- You must set the following preferences from the Window > Preferences > HPE Service Manager > Security menu.
-
- CA certificates file – identify the keystore file containing the certificate authority that signed the server's certificate
- Keystore file – identify the keystore containing the Windows client's certificate
- Keystore password – identify the password for the Windows client's keystore
- Other requirements
- You must do the following additional steps to ensure that HPE Service Manager can use your private certificates.
- Add your private certificate authority's certificate to a keystore that your Web and Windows clients can access
- Ensure that the HPE Service Manager client's host name matches the common name (CN) listed in the client's signed certificate
- Ensure that the HPE Service Manager server's host name matches the common name (CN) listed in the server's signed certificate
Related concepts
Example: Enabling required SSL encryption and client authentication
Example: Generating a client certificate with OpenSSL
Example: Generating a server certificate with OpenSSL
Example: Viewing the contents of a cacerts file
Related tasks
Add a client certificate to the web tier
Add a client certificate to the Windows client
Update the cacerts keystore file
Related references
Requirements for required SSL encryption
Requirements for required SSL encryption and trusted clients
Requirements for trusted sign-on
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to ovdoc-ITSM@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: