Example: Enabling required SSL encryption and client authentication

The following example describes the following SSL configuration.

Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Requiring SSL encryption using the Service Manager server's signed certificate

Requiring client authentication using the Service Manager client's signed certificate

Generate a signed server certificate for the Service Manager server.

Generate a signed client certificate for each Service Manager client.

Install the signed certificates and supporting keys on the Service Manager server.
Copy the following keystore files into the RUN folder of the Service Manager server.

servercert.keystore – This keystore file contains the Service Manager server's signed certificate and private key
cacerts – This keystore file contains the certificate and private key of the certificate authority that signed the server's certificate

Install the certificate authority's certificate on your Service Manager clients.
Copy the cacerts keystore containing your private certificate authority's certificate to the default certificate paths of your clients.

<Web application server installation path>\WEB-INF folder of the Service Manager web tier
<Windows client installation path>\plugins\com.hp.ov.sm.client.common_x.xx folder of your Service Manager Windows clients

Stop the Service Manager server.

Open the Service Manager initialization file (sm.ini) with a text editor.

Add the following parameters to require SSL encryption using the Service Manager server's signed certificate.

keystoreFile:servercert.keystore – identifies the keystore file containing the Service Manager server's certificate and private key
keystorePass:changeit – identifies the password to the keystore file containing the Service Manager server's certificate and private key
truststoreFile:cacerts – identifies the keystore file containing the certificate authority's certificate
truststorePass:changeit – identifies the password to the keystore file containing the certificate authority's certificate
ssl:1 – Requires SSL encryption using the server's signed certificate.
ssl_reqClientAuth:1 – Requires Service Manager clients to present signed certificates to connect to the server.
sslConnector:1 – requires Service Manager clients to use an HTTPS port when communicating with the server.

Save the Service Manager initialization file.

Restart the Service Manager server.

Configure Service Manager web clients to validate the Service Manager server's signed certificate and present signed client certificates. To do so, stop the web application server running the Web tier, open the web configuration file (web.xml) in a text editor, and perform the following steps:

Set cacerts to the keystore containing your server's certificate authority, for example cacerts. You copied this keystore to the WEB-INF folder.
Set keystore to the keystore containing your web tier's signed certificate, for example clientcerts. You created this keystore when you created the client certificate request.
Set customize-folder to a folder on the web tier host.
Create an empty webtier.properties file in the <Customize-Folder>/config directory. Later, you will specify the keystore password in the webtier.properties file.

Note The keystorePassword parameter has been removed from the web tier configuration file (web.xml) since Service Manager 9.34p2. You must enter your web client keystore password in a webtier.properties file located in the <Customize-Folder>/config directory.
Save the web.xml file.
In the webtier.properties file, set the keystorePassword parameter to the password to access the client keystore. For details, see Encryption of client keystore passwords.

Configure Service Manager Windows clients to validate the Service Manager server's signed certificate and present signed client certificates.
Click Window > Preferences > Service Manager > Security, and do the following:

Set CA Certificates File to the cacerts keystore you copied to the <Windows client installation path>\plugins\com.hp.ov.sm.client.common_x.xx folder.
Set Keystore File to the keystore containing your Windows client's signed certificate, for example clientcerts. You created this keystore when you created the client certificate request.
Set Keystore password to the password required to access your client keystore. For example, ClientKeyPassword. You created this keystore password when you created the client certificate request.

Related topics

Connect

Micro Focus Marketplace

ITSM Blog for IT Service Management

ITSM Community

Documentation Forum

Learn

Software Support Online

Software Support Downloads

Software Education Services

Contact

Send Help Center feedback

Submit Service Request

View Service Requests