Secure HTTP Connections

HP recommends that you connect to the HPOM Incident Web Service using HTTPS connections, which require a suitable certificate on the server. The management server installation creates a self-signed certificate for HTTPS communication, which is valid for 20 years. You can replace this with a different certificate if necessary. The port that the service uses for HTTPS communication depends on the configuration of the HPOM management server.

The default HTTPS port numbers are as follows:

• HPOM for UNIX

  Port 8444

• HPOM for Windows

  Port 443

For further security, HP recommends that you verify the hostname and certificate for each HTTPS connection. To verify the certificate for an HTTPS connection, the client system must trust the server's certificate. You may need to export the server's certificate and import it to the client system.

You can export the server's certificate from your management server as follows:

• HPOM for UNIX
  1. Open a shell and navigate to the directory that contains the keystore file:

     cd /var/opt/OV/certificates/tomcat/b

  2. Export the certificate using the following command:

     /opt/OV/nonOV/jre/b/bin/keytool -keystore tomcat.keystore -export -alias ovtomcatb -file /tmp/server.cer

• HPOM for Windows

  Export the certificate from the security settings in Internet Information Services Manager using the following options:

  • Do not export the private key.
  • Select the export format DER encoded binary X.509 (.CER).

After you export the server's certificate from the management server, you must import it using the appropriate tools for your client environment. You can then program your client to verify HTTPS connections using the methods that your client development toolkit provides.