Example: Enabling required SSL encryption

The following example describes the following SSL configuration.

  • Requiring SSL encryption using the Service Manager server's signed certificate

Note: This example builds on information presented in the topic Example: Generating a server certificate with OpenSSL.

  1. Generate a signed server certificate for the Service Manager server.
  2. Install the server's signed certificate and supporting key.
    Copy the following keystore files into the RUN folder of the Service Manager server.
    • servercert.keystore – This keystore file contains the Service Manager server's signed certificate and private key
    • cacerts – This keystore file contains the certificate and private key of the certificate authority that signed the server's certificate
  3. Stop the Service Manager server.
  4. Open the Service Manager initialization file (sm.ini) with a text editor.
  5. Add the following parameters to require SSL encryption using the Service Manager server's signed certificate.
    • keystoreFile:servercert.keystore – identifies the keystore file containing the Service Manager server's certificate and private key
    • keystorePass:changeit – identifies the password to the keystore file containing the Service Manager server's certificate and private key
    • truststoreFile:cacerts – identifies the keystore file containing the certificate authority's certificate
    • truststorePass:changeit – identifies the password to the keystore file containing the certificate authority's certificate
    • ssl:1 – Requires SSL encryption using the server's signed certificate.
    • sslConnector:1 – requires Service Manager clients to use an HTTPS port when communicating with the server.
  6. Save the Service Manager initialization file.
  7. Restart the Service Manager server.
  8. Stop the web application server running the web tier.
  9. Install the certificate authority's certificate on your Service Manager clients.
    Copy the cacerts keystore file into the WEB-INF folder of the Web application server running the Service Manager web tier. For example:
    C:\apache-tomcat-5.5.17\webapps\sm\WEB-INF
    
  10. Configure Service Manager web clients to validate the Service Manager server's signed certificate.
    Open the web configuration file (web.xml) in a text editor, and do the following:
    • Set cacerts to the cacerts file you copied to the WEB-INF folder.
  11. Configure Service Manager Windows clients to validate the Service Manager server's signed certificate.
    Click Window > Preferences > Service Manager > Security, and do the following:
    • Set CA Certificates File to the cacerts you copied to the <Windows client installation path>\plugins\com.hp.ov.sm.client.common_x.xx folder.

Related topics

Example: Generating a server certificate with OpenSSL
Secure Sockets Layer (SSL) configuration options
Requirements for required SSL encryption