Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
Generate a Self-Signed Root Certificate (hproot) and a Self-Signed Certificate (hpcert) Which Will Be Signed by hproot Using JsafeJCE Cryptography Provider
These commands are actually similar with the ones incorporated in the keystoregen.bat tool located in the C:\hp\UCMDB\UCMDBServer\tools\security directory.
This section describes how to manually generate a new self-signed root certificate (hproot) and a self-signed certificate (hpcert) which will be signed by hproot. All the files will be placed inside C:\newstores.
By default, UCMDB Server in FIPS mode already uses a certificate hierarchy similar to this.
-
Prerequisites
You have completed instructions in Set up the UCMDB Server JRE with Crypto-J Toolkit and the JCE Unlimited Strength Jurisdiction Policy jars.
-
Generate the self-signed root certificate hproot in C:\newstores.
keytool -genkey -alias hproot -validity 365 -keyalg RSA -keysize 2048 -storetype PKCS12 -providername JsafeJCE -keystore C:\newstores\hproot.keystore -ext bc:c="ca:true"
-
Export hproot in C:\newstores.
keytool -exportcert -alias hproot -keystore C:\newstores\hproot.keystore -storetype PKCS12 -storepass hppass -providername JsafeJCE -file C:\newstores\hproot.crt
-
Generate a self-signed certificate hpcert and place it inside server-fips.keystore. Make sure you set the correct SAN extension to the appropriate DNS.
keytool -genkey -alias hpcert -validity 365 -keyalg RSA -keysize 2048 -storetype PKCS12 -providername JsafeJCE -keystore C:\newstores\server-fips.keystore -ext san=dns:myucmdbserver.example.com,dns:localhost,ip:127.0.0.1
-
Export hpcert from the keystore.
keytool -exportcert -alias hpcert -keystore C:\newstores\server-fips.keystore -storetype PKCS12 -storepass <password> -providername JsafeJCE -file C:\newstores\hpcert.crt
-
Generate a certificate sign request for hpcert and place it in C:\newstores.
keytool -certreq -alias hpcert -keystore C:\newstores\server-fips.keystore -storetype PKCS12 -storepass <password> -providername JsafeJCE -file C:\newstores\hpcert_sign_request.csr
-
Generate the signed hpcert certificate signed by hproot and add the needed SAN extensions.
keytool -gencert -infile C:\newstores\hpcert_sign_request.csr -outfile C:\newstores\hpcert_issued_by_hproot.rsp -alias hproot -storetype PKCS12 -providername JsafeJCE -keystore C:\newstores\hproot.keystore -storepass hppass -ext san=dns:myucmdbserver.example.com,dns:localhost,ip:127.0.0.1
-
Concatenate the signed hpcert and hproot in the same file.
keytool -printcert -rfc -file C:\newstores\hpcert_issued_by_hproot.rsp >> C:\newstores\hpcertandroot.p7c keytool -printcert -rfc -file C:\newstores\hproot.crt >> C:\newstores\hpcertandroot.p7c
-
Import the hpcert (which is signed by hproot) into server-fips.keystore.
keytool -importcert -keystore C:\newstores\server-fips.keystore -storetype PKCS12 -providername JsafeJCE -alias hpcert -file C:\newstores\hpcertandroot.p7c
-
Copy the newly generated server-fips.keystoreinto the security folder of the UCMDB Server (C:\hp\UCMDB\UCMDBServer\conf\security) to overwrite the existing files.
-
Copy the UCMDB root certificate to each Probe machine
Copy the certificate file C:\HP\UCMDB\UCMDBServer\conf\security\hproot.crt from the UCMDB Server machine to the following folder on each Data Flow Probe machine:
C:\HP\UCMDB\DataFlowProbe\conf\security\
-
Data Flow Probe Configuration
Note: You must configure each Data Flow Probe machine.Import the server's root certificate hproot.crt to the Probe’s Truststore.
-
Open the command prompt and run the command:
keytool -import -alias hproot -file C:\HP\UCMDB\DataFlowProbe\conf\security\hproot.crt - storetype PKCS12 -providername JsafeJCE -keystore C:\HP\UCMDB\DataFlowProbe\conf\security\FIPS_HPProbeTrustStore.jks
-
Enter the keystore password logomania.
-
When asked Trust this certificate?, press y and then Enter.
The following message is displayed:
Certificate was added to keystore.
-
-
Restart the Machines
Restart both the UCMDB server and the Probe machines.
