Generate a Standalone Self-Signed Certificate (hpcert) Using JsafeJCE Cryptography Provider

This section describes how to generate a new hpcert certificate, which is placed in server-fips.keystore and server-fips.truststore. If you do not want to use the default certificate hierarchy that comes with UCMDB, you must also place the standalone certificate generated here in the truststores of all SSL clients (the Probe truststore, the UCMDB UI FIPS truststore (jssecacerts), the UCMDB Browser, and UCMDB Configuration Manager).

  1. Prerequisites

    You have completed the instructions in Set up the UCMDB Server JRE with Crypto-J Toolkit and the JCE Unlimited Strength Jurisdiction Policy jars.

  2. Generate a Server keystore of type PKCS12 using the JsafeJCE cryptography provider.

    Note: All generated files are placed in C:\newstores. Create this folder before running the commands; keytool creates the store file but not its parent folder.

    The keystore will contain a certificate with a Subject Alternative Name (SAN) extension whose DNS entries match the URLs used to connect to the UCMDB Server. Change the SAN extension to match your UCMDB Server URL, IP address, and so on. For this guide, we use the DNS names myucmdbserver.example.com and localhost, and the IP address 127.0.0.1.

    We assume that the UCMDB Server is installed at the default path C:\hp\UCMDB\UCMDBServer. From C:\hp\UCMDB\UCMDBServer\bin\jre\bin run the following command and fill in the certificate details (distinguished name and passwords) when prompted:

    Generate server-fips.keystore. Adjust the SAN extension values before running the command!

    keytool -genkey -alias hpcert -validity 365 -keyalg RSA -keysize 2048 -storetype PKCS12 -providername JsafeJCE -keystore C:\newstores\server-fips.keystore -ext san=dns:myucmdbserver.example.com,dns:localhost,ip:127.0.0.1

  3. Export the Certificate from server-fips.keystore.

    From C:\hp\UCMDB\UCMDBServer\bin\jre\bin run the following command:

    Export the certificate from the keystore:

    keytool -exportcert -alias hpcert -keystore C:\newstores\server-fips.keystore -storetype PKCS12 -storepass <password> -providername JsafeJCE -file C:\newstores\hpcert.crt

  4. Import Certificate into server-fips.truststore.

    From C:\hp\UCMDB\UCMDBServer\bin\jre\bin run the following command:

    Import hpcert into the truststore:

    keytool -importcert -alias hpcert -file C:\newstores\hpcert.crt -providername JsafeJCE -storetype PKCS12 -keystore C:\newstores\server-fips.truststore

  5. Copy the newly generated server-fips.keystore and server-fips.truststore from C:\newstores into the security folder of the UCMDB Server (C:\hp\UCMDB\UCMDBServer\conf\security), overwriting the existing files.

  6. Copy the UCMDB certificate to each Probe machine.

    Copy the certificate file C:\HP\UCMDB\UCMDBServer\conf\security\hpcert.crt (the file exported in step 3) from the UCMDB Server machine to the following folder on each Data Flow Probe machine:

    C:\HP\UCMDB\DataFlowProbe\conf\security\

  7. Data Flow Probe Configuration.

    Note: You must configure each Data Flow Probe machine.

    Import the server's certificate hpcert.crt into the Probe's truststore.

    1. Open the command prompt and run the command:

      keytool -import -alias hpcert -file C:\HP\UCMDB\DataFlowProbe\conf\security\hpcert.crt -storetype PKCS12 -providername JsafeJCE -keystore C:\HP\UCMDB\DataFlowProbe\conf\security\FIPS_HPProbeTrustStore.jks

    2. Enter the keystore password: logomania.

    3. When prompted "Trust this certificate?", type y and press Enter.

      The following message is displayed: Certificate was added to keystore.
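      After importing the certificate (step 4 on the server, step 7 on each Probe), it is worth confirming that the store really holds the intended certificate under the alias hpcert and that its SAN matches the names clients will use, because a wrong or missing SAN only surfaces later as a hostname-verification failure in the SSL handshake. The following Java program is an added example, not UCMDB product code. It assumes the alias hpcert, PKCS12 stores, the SAN values used in this guide (edit EXPECTED_SAN for your server), and an optional provider name such as JsafeJCE from the prerequisites (omit it to use the JRE's default provider). Compile and run it with the UCMDB Server JRE so the providers configured there are in effect.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Added example (not UCMDB product code): checks that the exported hpcert.crt
 * carries the SAN entries this guide expects and that a given PKCS12 store
 * holds exactly that certificate under the alias "hpcert".
 *
 * Usage: java VerifyHpcert <hpcert.crt> <store> <storepass> [providerName]
 *   e.g. java VerifyHpcert C:\newstores\hpcert.crt C:\newstores\server-fips.truststore <password> JsafeJCE
 */
public class VerifyHpcert {

    static final String ALIAS = "hpcert";
    // Expected SAN values from this guide (assumption); edit to match your server URL and IP.
    static final Set<String> EXPECTED_SAN = new HashSet<>(Arrays.asList(
            "DNS:myucmdbserver.example.com", "DNS:localhost", "IP:127.0.0.1"));

    static X509Certificate loadCertFile(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    static KeyStore loadStore(String path, String password, String provider) throws Exception {
        KeyStore ks = (provider == null) ? KeyStore.getInstance("PKCS12")
                                         : KeyStore.getInstance("PKCS12", provider);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    /** Flatten getSubjectAlternativeNames() into "DNS:name" / "IP:addr" strings. */
    static Set<String> sanEntries(X509Certificate cert) throws Exception {
        Set<String> out = new HashSet<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return out;                      // certificate has no SAN extension
        for (List<?> entry : sans) {
            int type = (Integer) entry.get(0);             // GeneralName tag number
            Object value = entry.get(1);
            if (type == 2)      out.add("DNS:" + value);   // dNSName
            else if (type == 7) out.add("IP:" + value);    // iPAddress
            else                out.add("TYPE" + type + ":" + value);
        }
        return out;
    }

    static String sha256Hex(Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("usage: VerifyHpcert <hpcert.crt> <store> <storepass> [providerName]");
            System.exit(2);
        }
        String provider = args.length > 3 ? args[3] : null;
        boolean ok = true;

        X509Certificate fileCert = loadCertFile(args[0]);
        fileCert.checkValidity();                           // throws if expired or not yet valid
        Set<String> san = sanEntries(fileCert);
        System.out.println("SAN in " + args[0] + ": " + san);
        if (!san.equals(EXPECTED_SAN)) {
            System.out.println("MISMATCH: expected SAN " + EXPECTED_SAN);
            ok = false;
        }

        KeyStore store = loadStore(args[1], args[2], provider);
        Certificate storeCert = store.getCertificate(ALIAS); // leaf of a key entry, or the trusted cert
        if (storeCert == null) {
            System.out.println("MISSING: no entry '" + ALIAS + "' in " + args[1]);
            ok = false;
        } else {
            String kind = store.isKeyEntry(ALIAS) ? "private-key entry" : "trusted-certificate entry";
            System.out.println(args[1] + ": " + kind + ", SHA-256 " + sha256Hex(storeCert));
            if (!Arrays.equals(storeCert.getEncoded(), fileCert.getEncoded())) {
                System.out.println("MISMATCH: store certificate differs from " + args[0]);
                ok = false;
            }
        }
        System.out.println(ok ? "OK" : "FAILED");
        System.exit(ok ? 0 : 1);
    }
}
```

      Run it against C:\newstores\server-fips.keystore (expect a private-key entry), against C:\newstores\server-fips.truststore (expect a trusted-certificate entry), and on each Probe against FIPS_HPProbeTrustStore.jks with the Probe truststore password. Exit code 0 means the certificate in the store is byte-identical to hpcert.crt, is within its validity period, and its SAN matches EXPECTED_SAN; the printed SHA-256 fingerprint can be compared across machines to confirm that every truststore holds the same certificate.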

  8. Restart the Machines

    Restart both the UCMDB server and the Probe machines.