3 SMI Agent security
Mutual authentication setup
Before you enable mutual authentication for clients and indications, you need to do the following so the Configuration Tool will know the location of the certificate files:
• Configure the WbemClient.properties file with the location of the certificate files.
• Update the CLASSPATH variable in two files with the location of the WbemClient.properties file.
Configuring mutual authentication for clients
You can restrict access to the
By default, mutual authentication for clients is disabled, which means that any client can use the HTTPS communication protocol to communicate with the
Additionally, when mutual authentication for clients is enabled, the client must have a TrustStore that contains the certificate for an entry in the
Using the Brocade SMI Agent Configuration Tool, you can enable and disable mutual authentication for clients, import the client certificate to the
If you enable mutual authentication, you may choose to disable the
When you disable or enable mutual authentication for clients, the
1. Launch the Brocade SMI Agent Configuration Tool.
2. Click Mutual Authentication(Client) in the menu tree (see Figure 3 on page 14). The content pane displays the current setting, which is selected and dimmed.
3. To enable mutual authentication for clients, click the Enable Client Authentication radio button. If this option is unavailable, then mutual authentication for clients is already enabled.
To disable mutual authentication for clients, click the Disable Client Authentication radio button. If this option is unavailable, then mutual authentication for clients is already disabled.
4. Click the Stop Server to stop the
5. Click Apply.
6. If you enabled mutual authentication for clients, you can perform the following optional steps to allow only secure communication with trusted clients:
a. Disable HTTP access so that only HTTPS access is available to the clients. (See “Configuring HTTP access” on page 24.) Clients should preferably use HTTPS for all communication if mutual authentication is enabled.
If you do not disable HTTP access, then any client can communicate with the
22 | Brocade SMI Agent User’s Guide |