9.4.4 Configuring JP1/IM - Manager
This subsection explains the settings for enabling and disabling the communication encryption function and placing certificates in JP1/IM - Manager.
- Organization of this subsection
(1) Enabling and disabling the communication encryption function
For the enable/disable setting for the communication encryption function, JP1/IM - Manager references the common definition information specified in JP1/Base.
When JP1/IM - Manager starts, it references the common definition information specified in JP1/Base. For details about the common definition information that is specified in JP1/Base, see the chapter on SSL communication definition files in the JP1/Base User's Guide.
Also when JP1/IM - Manager starts, it outputs a message confirming that the communication encryption function's enable/disable setting is the same on JP1/IM - Manager and JP1/Base (manager host). If the function is enabled, the KAVB8810-I message is output to the integrated trace log. If the function is disabled, the KAVB8811-I message is output to the integrated trace log. For details about the enable/disable setting for the communication encryption function, see 9.4.5 Checking whether the communication encryption function has been configured correctly.
(2) Specifying SSL versions and certificate locations
For the SSL version and certificate locations, JP1/IM - Manager references the common definition information specified in JP1/Base. For details about the common definition information that is specified in JP1/Base, see the chapter on SSL communication definition files in the JP1/Base User's Guide.
(3) Keystores for JP1/IM - Manager
If private keys or keystores for JP1/IM - Manager have been obtained, the JP1/IM - Manager administrator must manage them securely because encrypted communication data might be compromised. Set a folder that stores private keys or keystores for JP1/IM - Manager in such a manner that general users will not be able to reference the folder.
A keystore for JP1/IM - Manager is a file used by JP1/IM - Manager to establish encrypted communication. It stores the following data:
-
Private keys
-
Server certificates
-
Intermediate CA certificates (if used)
Its storage location on the manager host is set as follows:
-
For physical hosts
Windows: Manager-path\conf\ssl\server.keystore
UNIX: /etc/opt/jp1imm/conf/ssl/server.keystore
-
For logical hosts
Windows: shared-folder\JP1IMM\conf\ssl\server.keystore
UNIX: shared-directory/jp1imm/conf/ssl/server.keystore