Enabling mutual authentication for clients, Mutual authentication for indications, Enabling mutual authentication for indications – Brocade Communications Systems 53-1001778-01 User Manual
Page 64: Client configuration to use client certificates

48
Brocade SMI Agent User’s Guide
53-1001778-01
Mutual authentication for indications
4
Enabling mutual authentication for clients
1. Configure the SMI-A to support mutual authentication for clients. This can be done either
during installation using the installation wizard, or after installation, as described in
“Configuring mutual authentication for clients”
2. Optionally, disable HTTP access so that only HTTPS access is available to the clients. HTTPS
communication is preferred if mutual authentication is enabled. (See
3. Optionally, configure the WBEM client to use client certificates to communicate with the SMI-A.
(See
“Client configuration to use client certificates”
Mutual authentication for indications
You can restrict delivery of indications using mutual SSL authentication to only clients that are
trusted by the SMI-A.
By default, mutual authentication for indications is disabled, which means that the SMI-A uses SSL
to send CIM-XML indications to a WBEM client listener, but does not attempt to verify the identity of
the WBEM client listener. When mutual authentication for indications is enabled, then only those
clients whose certificates have been added to the SMI-A Indications TrustStore can use SSL to
receive indications from the SMI-A. That is, the SMI-A must have a TrustStore that contains a
certificate for an entry in the client’s Indications KeyStore.
Enabling mutual authentication for indications
1. Configure the SMI-A to support mutual authentication for indications. This can be done either
during installation using the installation wizard, or after installation, as described in
“Configuring mutual authentication for indications”
2. Optionally, disable HTTP access so that only HTTPS access is available to the clients. HTTPS
communication is preferred if mutual authentication is enabled. (See
3. Optionally, configure the WBEM client to use client certificates to communicate with the SMI-A.
(See
“Client configuration to use client certificates,”
next.)
Client configuration to use client certificates
After installation is completed, the client certificates are in the following location:
On Linux, Solaris, and AIX:
On Windows:
This folder has the following files:
•
.client.keystore
•
.client.truststore
•
client.cer
•
.client.ind.keystore