Example: Generating a client certificate with OpenSSL
The following example describes how to create a signed client certificate using the OpenSSL toolkit as a private certificate authority. This example also uses the keytool utility available with the Sun Microsystems™ standard Java Development Kit. You can use a client certificate to validate that the client is authorized to connect to the HPE Service Manager server, or as part of a trusted sign-on configuration.
Note: This example builds on information presented in Example: Generating a server certificate with OpenSSL. The information contained in this example regarding OpenSSL technology is provided by HPE as a courtesy to our customers and partners. This documentation does not replace an OpenSSL reference, and HPE encourages you to conduct additional research regarding OpenSSL technology by consulting with sources outside of this document. HPE hereby disclaims all liability associated with the use and accuracy of this information. As OpenSSL technology evolves, HPE may or may not update this reference.
- Log on to the server where you installed your OpenSSL private certificate authority, and open the operating system's command prompt.
- Change directories to the Java platform's bin folder.
- Type the following command to create a private key and keystore for your Service Manager client. For example, to create a private key and keystore for your Service Manager web tier, type:
    keytool -genkey -keyalg RSA -alias clients -keystore <clientcerts>.keystore
  Note: When you repeat this step for multiple clients, replace <clientcerts> (and also <client> in the following steps) with a name that can identify every single client. For example, you can use the FQDN for each Windows client, and use the FQDN or smwebtier for your web tier client.
  Note: HPE recommends that the keyalg parameter use a value of RSA rather than the default of DSA. Doing so allows your TLS communications to use the stronger ECDHE cipher suites, which are not vulnerable to Logjam attacks (CVE-2015-4000).
- When keytool prompts you, type the password phrase you want to use to protect your Service Manager client's keystore file. For example, ClientKeyPassword.
- When keytool prompts you for your first and last name, type the fully qualified host name of your Service Manager client system.
- When keytool prompts you for the organization unit, organization, city or locality, state or province, and two-letter country code, type the identification information for your company.
- Verify the information you provided and type yes if it is correct.
- When keytool prompts you for the password phrase to use for your Service Manager web tier's private key, press ENTER to use the same password as you created for the keystore.
  Note: The password for the private key must match the password for the keystore file.
- Type the following command to create a certificate request for your Service Manager client. For example, to create a certificate request for your Service Manager web tier, type:
    keytool -certreq -alias clients -keystore <clientcerts>.keystore -file <client>_certrequest.crs
- When keytool prompts you, type the password for the Service Manager client's keystore file (from step 4). For example, ClientKeyPassword.
- Copy the Service Manager client's certificate request (for example, <client>_certrequest.crs) to the OpenSSL bin folder.
- Change directories to the OpenSSL bin folder.
- Type the following command to sign the Service Manager client's certificate request with your private certificate authority:
    openssl x509 -req -days 365 -sha256 -in <client>_certrequest.crs -CA mycacert.pem -CAkey cakey.pem -CAcreateserial -out <client>_cert.pem
- When OpenSSL prompts you, type the password for your certificate authority's private key. For example, CAKeyPassword. OpenSSL stores the new signed certificate (<client>_cert.pem) in the newcerts directory.
  Tip: To view the contents of the signed certificate, you can type the following command:
    openssl x509 -in <client>_cert.pem -text -noout
- Copy the signed client certificate (<client>_cert.pem) to the OpenSSL server's Java platform bin folder.
- Open the operating system's command prompt.
- Change directories to the Java platform's bin folder.
- Type the following command to import the Service Manager client's signed certificate into a client keystore:
    keytool -import -trustcacerts -alias clients -keystore ./<clientcerts>.keystore -file <client>_cert.pem
- When keytool prompts you to trust the private certificate authority's certificate, type y.
- Copy the updated client keystore (<clientcerts>.keystore) to the default certificate path of your client:
  - WEB-INF folder of the Service Manager Web tier
  - <Windows client installation path>\plugins\com.hp.ov.sm.client.common_x.xx folder of your Service Manager Windows clients
 
- If you are using a trusted clients or trusted sign-on implementation, do the following:
  - Import each client certificate you want to be part of the list of trusted clients to a trusted clients keystore. To do so, type the following command:
      keytool -import -alias client1 -file <client>_cert.pem -keystore trustedclients.keystore
  - Copy the trusted clients keystore (trustedclients.keystore) to the Service Manager server's RUN folder.
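
Checks worth running on the signed certificate before the keytool -import steps, as an added example that is not part of the HPE documentation: the script builds a throwaway CA and a certificate request with OpenSSL (standing in for the keytool-generated request), signs it with the same openssl x509 -req options used in the procedure, then confirms the chain, the signature algorithm and the remaining validity. The function names, the files under the temporary directory and the subject names are constructed for the demo, and the demo CA key is unencrypted so nothing prompts for a password.

```shell
#!/bin/sh
# Added example: checks to run on <client>_cert.pem before importing it.
# All file names and subject names below are constructed for the demo.

# check_client_cert CERT CA_CERT [MIN_DAYS]
# Returns 0 only if CERT chains to CA_CERT, is signed with SHA-256/RSA,
# and stays valid for at least MIN_DAYS more days (default 30).
check_client_cert() {
    cert=$1; ca=$2; min_days=${3:-30}
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not chain to $ca"; return 1; }
    openssl x509 -in "$cert" -noout -text |
        grep -q 'Signature Algorithm: sha256WithRSAEncryption' || {
        echo "FAIL: $cert is not signed with sha256WithRSAEncryption"; return 1; }
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "FAIL: $cert expires within $min_days days"; return 1; }
    echo "OK: $cert"
}

# make_demo_ca DIR: throwaway CA with an unencrypted key (demo only).
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$1/cakey.pem" -out "$1/mycacert.pem" 2>/dev/null
}

# make_demo_client_cert DIR: the CSR stands in for the keytool -certreq output
# and is signed with the same openssl x509 -req options the procedure uses.
make_demo_client_cert() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=client.example.test" \
        -keyout "$1/client_key.pem" -out "$1/client_certrequest.crs" 2>/dev/null &&
    openssl x509 -req -days 365 -sha256 -in "$1/client_certrequest.crs" \
        -CA "$1/mycacert.pem" -CAkey "$1/cakey.pem" -CAcreateserial \
        -out "$1/client_cert.pem" 2>/dev/null
}

run_demo() {
    dir=$(mktemp -d) || return 1
    make_demo_ca "$dir" && make_demo_client_cert "$dir" &&
        check_client_cert "$dir/client_cert.pem" "$dir/mycacert.pem"
    status=$?
    rm -rf "$dir"
    return $status
}

run_demo
```

To use the check on a real certificate, call check_client_cert with <client>_cert.pem and mycacert.pem from the OpenSSL bin folder.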