Enable Secure Sockets Layer (SSL)

HP Web Jetadmin administrators enable SSL by adding a certificate to the HP Web Jetadmin application. This certificate forces the browser to use the more secure HTTPS protocol when a user accesses the client logon page. The administrator must enable SSL from the console or host that runs the application by using the procedure in Configure HTTPS (Server Certificates or SSL) on page 15. When a remote administrator accesses Tools > Options > Shared > Network > HTTPS, a message appears stating that certificates can only be installed from an HP Web Jetadmin client that runs on the console or server that hosts HP Web Jetadmin.

In some environments, SSL is required when an HTTP interface or service is used for communication. In these cases, SSL can be enabled and enforced by HP Web Jetadmin. SSL provides a high level of assurance regarding the authentication and encryption of HTTP communication. That is, a user who requests access to the HP Web Jetadmin Smart Client download can be reasonably assured that the system hosting

HP Web Jetadmin is authentic and the communication between the two systems is encrypted so that it cannot be easily read by eavesdroppers.

The SSL protocol uses certificates to accommodate both authentication and encryption. HP Web Jetadmin can generate a signing request that can be used by a certificate authority (CA) to generate a certificate. Using Tools > Options > Shared > Network > HTTPS, the user can generate a Signing Request.

Once the request has been fulfilled by the CA, the certificate is ready to be installed on HP Web Jetadmin. Remember, you must be at the application console to use Tools > Options > Shared > Network > HTTPS. Use Install Certificate to browse and upload the certificate file.

Once the certificate is installed, the HTTP service enforces SSL. Any browser contact with HP Web Jetadmin should indicate HTTPS on the URL when a certificate is installed. Using Remove Certificate uninstalls the certificate and SSL is no longer enforced.

Important Points to Remember When Implementing SSL

Client communication with SSL enforced requires one or more of the following considerations.

For new server certificates, you must install 2048-bit certificates. Any previously installed 1024-bit server certificates continue to function correctly.

When SSL has been implemented on HP Web Jetadmin with an internal certificate authority (CA), the CA’s authorizing certificate must be installed in the client browser. If this certificate is not installed in the client browser the HP Web Jetadmin Smart Client page will fail to load up in SSL mode.

Proxy servers tend to use the standard SSL port 443. If the HP Web Jetadmin Smart Client page is being called through a proxy server, a redirect error may occur. This is due to the URL being redirected to 443 rather than 8443 which is the port used by the HP Web Jetadmin SSL. The workaround for this is to place the HP Web Jetadmin fully qualified domain name (FQDN) into the browsers exceptions list under Tools > Internet Options > Connections > LAN Settings > Advanced. This causes the browser to pull HTTP and HTTPS content directly from the HP Web Jetadmin server.

NOTE: HP Web Jetadmin HTTP and HTTPS port numbers can be customized to something other than 8000 and 8443.

When you have implemented SSL on HP Web Jetadmin, a redirect occurs when the browser URL uses port 8000. Here is an example:

The known URL prior to SSL implementation is http://servername.domain.xxx:8000.

After SSL implementation, HP Web Jetadmin will redirect this to a new URL: https:// servername.domain.xxx:8443.

The URLs shown here use FQDN. In most cases the certificate issued and installed in the

HP Web Jetadmin SSL implementation will contain an FQDN for the host on which HP Web Jetadmin is

14 Chapter 1 Install and Set Up HP Web Jetadmin

ENWW