Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
- Hardening Methods
- How to Change the System User Name or Password for the JMX Console
- How to Enable Mutual Certificate Authentication for SDK
- How to Configure a Reverse Proxy
- How to Change the Server Keystore Password
- How to Enable or Disable HTTP/HTTPS Ports
- How to Map the UCMDB Web Components to Ports
- How to Modify the PostgreSQL Database Encrypted Password
- How to Set the JMX Console Encrypted Password
- How to Set the UpLoadScanFile Password
- How to Retrieve the Current LW-SSO Configuration in a Distributed Environment
- How to Configure LW-SSO Settings
- How to Configure Confidential Manager Communication Encryption
- How to Configure Confidential Manager Client Authentication and Encryption Settings on the Probe
- How to Configure Confidential Manager Communication Encryption on the Probe
- How to Configure the Confidential Manager Client’s Cache Encryption Settings on the Probe
- How to Export and Import Credential and Range Information in Encrypted Format
- How to Remove Credentials and Range Information by Domain Name
- How to Generate or Update the Encryption Key for Confidential Manager
- How to Configure CAC Support on UCMDB
- How to Configure CAC Support for UCMDB by Reverse Proxy
- How to Configure CAC (Smart Card / PKI Authentication) Support for the Embedded UCMDB Browser
- How to Harden the Data Flow Probe Connector in UCMDB
- How to Encrypt the Probe Keystore and Truststore Passwords
- How to Enable Login to Universal CMDB with LW-SSO
- How to Test LDAP Connections
- How to Search LDAP Users
- How to Configure the Universal CMDB Server with Confidential Manager
- How to Set the IIS server as the Front-End Server for UCMDB
- How to Enable Secure Login for the JMX Console
- How to Mark Sensitive Settings and Enable Storing Encrypted Data in the Database Using JMX
- How to Set Shared Key for Encrypting or Decrypting the InfrastructureSettings.xml File Using JMX
How to Enable Mutual Certificate Authentication for SDK
This mode uses SSL and enables both server authentication by the UCMDB and client authentication by the UCMDB-API client. Both the server and the UCMDB-API client send their certificates to the other entity for authentication.
Note
- The following method of enabling SSL on the SDK with mutual authentication is the most secure of the methods and is therefore the recommended communication mode.
-
The keystore used for client SDK must be in Java Keystore (JKS) format. The Java Cryptography Extension KeyStore (JCEKS) or other formats are not supported.
-
The keystore used for SDK must contain only one key-pair and nothing else in it. The password for this key-pair must be the same as the one for keystore.
-
Harden the UCMDB-API client connector in UCMDB:
-
Access the UCMDB JMX console: Launch a Web browser and enter the following address: https://<UCMDB machine name or IP address>:8443/jmx-console. You may have to log in with a user name and password
-
Locate UCMDB:service=Ports Management Services and click the link to open the Operations page.
-
Locate the PortsDetails operation and click Invoke. Make a note of the HTTPS with client authentication port number. The default is 8444 and it should be enabled.
-
Return to the Operations page.
-
To map the ucmdb-api connector to the mutual authentication mode, invoke the mapComponentToConnectors method with the following parameters:
-
componentName: ucmdb-api
-
isHTTPSWithClientAuth: true
-
All other flags: false
The following message is displayed:
Operation succeeded. Component ucmdb-api is now mapped to: HTTPS_CLIENT_AUTH ports.
-
-
Return to the Operations page.
-
- Repeat step 1 for the ping component.
-
Make sure the JRE that runs the UCMDB-API client has a keystore containing a client certificate.
Note The UCMDB-API client certificate must have the minimum size key no less than 2048 bits.
- Export the UCMDB-API client certificate from its keystore.
-
Import the exported UCMDB-API client certificate to the UCMDB Server Truststore.
-
On the UCMDB machine, copy the created UCMDB-API client certificate file to the following directory on UCMDB:
C:\UCMDB\UCMDBServer\conf\security
-
Run the following command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -import -v -keystore
C:\UCMDB\UCMDBServer\conf\security\server.truststore -file <exported UCMDB-api client certificate> -alias ucmdb-api -
Enter the UCMDB Server Truststore password.
-
When asked, Trust this certificate?, press y and then Enter.
-
Make sure the output Certificate was added to the keystore.
-
-
Export the UCMDB server certificate from the server keystore.
-
On the UCMDB machine, run the following command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias hpcert -keystore
C:\UCMDB\UCMDBServer\conf\security\server.keystore -file C:\UCMDB\UCMDBServer\conf\security\server.cert -
Enter the UCMDB Server keystore password.
-
Verify that the certificate is created in the following directory:
C:\UCMDB\UCMDBServer\conf\security\server.cert
-
- Import the exported UCMDB certificate to the JRE of the UCMDB-API client truststore.
-
The certificate used by the API Client must contain in it's Common Name (CN) field the name of a user that's present in UCMDB.
This user MUST have an EMPTY password and all required permissions for SDK access.
To set an empty password to an existing UCMDB user,
- Go to JMX Console > UCMDB:service=URM Services > listResourceTypes.
-
Click Auth_USER.
-
Click your user and wait for the XML to load.
-
In the XML, replace the password with s39t3O*tfoZXg30xd/nvJGL5is8=.
-
Click Save resource.
- Restart the UCMDB Server and the UCMDB-API client.
-
To connect from the UCMDB-API client to UCMDB-API server, use the following code:
UcmdbServiceProvider provider = UcmdbServiceFactory.getServiceProvider ("https", <SOME_HOST_NAME>, <HTTPS_WITH_CLIENT_AUTH_PORT_NUMBER (default:8444>));
UcmdbService ucmdbService = provider.connect(provider.createCertificateCredentials(<TheClientKeystore. e.g: "c:\\client.keystore">, <KeystorePassword>), provider.createClientContext(<ClientIdentification>));
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to cms-doc@microfocus.com.
Help Topic ID:
Product:
Topic Title:
Feedback: