Trusted certificates – HP Matrix Operating Environment Software User Manual

device. For a virtual machine with valid credentials, VM Manager displays I/O utilization
data for each virtual storage device and for VM aggregated storage interfaces.

•

Virtual LAN (VLAN) interface name and status on the Network tab: This status is displayed
for a virtual machine with valid credentials, but invalid credentials will return an unknown
LAN status and utilization. It might display whatever information is available, for example,
the bus, dev, or the fcn number for the VLAN interface.

To change the WBEM credentials settings for virtual machines, return to the Set WBEM
Credentials for Virtual Machines

page by selecting Modify

→WBEM Credentials.... You do

not need to select a virtual machine before setting credentials.

IMPORTANT:

After you enter the data, save it by clicking OK. Otherwise, the data is cleared

when the session ends.

Trusted certificates

If you require the additional security provided by certificate validation you can turn on SSL
certificate validation by selecting the Require trusted certificates check box on the VM Manager
Set WBEM Credentials for Virtual Machines

page. With this setting turned on, the client

Certificate Trust Store must include the server certificates from the virtual machines; otherwise,
VM Manager cannot obtain certain information from the virtual machines. If your environment
does not require the additional security provided by certificate validation, you can leave certificate
validation turned off.

To enable SSL certificate validation in VM Manager, you must export the server certificates from
the WBEM services providers on the virtual machines, and import those certificates into the
keystore on the VM Host where VM Manager is running. This keystore is shared between Partition
Manager and VM Manager. Certificates in this keystore are trusted by both Partition Manager
and VM Manager.

To get the certificate file from the WBEM services provider, follow these steps:

1.

Locate the WBEM services provider certificate file (cert.pem) on the virtual machine to
which you want to connect. To find the correct file, open the WBEM services Provider
configuration file, which can be found in the following locations:
•

For Windows:

%PEGASUS_HOME%\cimserver_current.conf

•

For HP-UX:

$PEGASUS_HOME/cimserver_current.conf

(The default value for PEGASUS_HOME on HP-UX is /var/opt/wbem.)

The location of the server certificate file is configured by the sslCertificateFilePath
setting. If this value is not set in the configuration file, the default values are as follows:

•

For Windows:

%PEGASUS_HOME%\server.pem

•

For HP-UX:

/etc/opt/hp/sslshare/cert.pem

2.

Copy the certificate file (cert.pem or server.pem) to the VM Host where VM Manager
is running.

Setting security credentials

19