10 manage certificates, About certificates, Specify a certificate file at connect time – HP Neoview Release 2.5 Software User Manual
Page 125: Generate a self-signed certificate
10 Manage Certificates
About Certificates
The current release of the Neoview platform allows you to use either a self-signed certificate or
a certificate signed by a Certificate Authority (CA) of your choice.
This section describes how to:
•
Specify a certificate file when you connect to a system
•
Generate a self-signed certificate
•
Obtain a CA certificate and private key
•
Generate a Certificate Signing Request (CSR)
•
Install a CA certificate on the Neoview platform
Related Topics
“Specify a Certificate File at Connect Time” (page 125)
“Generate a Self-Signed Certificate” (page 125)
“Obtain and Install a CA Certificate and Private Key” (page 126)
“Generate a Certificate Signing Request (CSR)” (page 127)
“Install Root and Intermediate Certificates on the Neoview Platform” (page 128)
Specify a Certificate File at Connect Time
If the Auto Download Certificate option is disabled, the certificate file is not downloaded by
the driver to the client during connection. If there is no certificate file, the connection fails. A
system administrator can e-mail the certificate to specific users, and the users can save this
certificate file to their local workstations. At connection time, they can specify the certificate file
by completing the Certificate File field in the Connect / Edit System dialog box.
Related Topics
“About the Auto Download Certificate Option” (page 129)
“Use the Connect / Edit System Dialog Box” (page 26)
“Display Security Policies” (page 117)
Generate a Self-Signed Certificate
To use this procedure, you must be logged on as a user in the role of ROLE.SECMGR.
During installation or upgrade of your Neoview platform, HP support runs a post-installation
script to create a self-signed server certificate and generate a 2048-bit private key. The private
key is stored in a file accessible to ROLE.SECMGR.
This procedure allows a user in the role of ROLE.SECMGR to replace the self-signed server
certificate by creating and installing a new self-signed certificate. The certificate is downloaded
to the workstation from which the command is run. A self-signed certificate expires 2 years from
its creation date. Once you have created and installed a new certificate on the Neoview platform,
subsequent requests from clients are handled as follows:
•
If the Auto Download Certificate option is in effect, the new certificate is downloaded to
the workstation.
•
If the Auto Download Certificate option is not in effect, the connection request fails. In this
case, you must either enable auto download or distribute the certificate by other means.
To generate a self-signed certificate
1.
Log on as a user belonging to ROLE.SECMGR. For more information about logging on, see
“Connect to a System” (page 25)
.
2.
Select the Security area. For more information about areas, see
About Certificates
125