Brocade SMI Agent User’s Guide
23
53-1001778-01
SMI Agent security
3
b. Configure the WBEM client to use client certificates to communicate with the SMI-A. (See
“Client configuration to use client certificates”
on page 48.)
The changes take effect when you restart the server. Click Start Server to restart the server.
Configuring mutual authentication for indications
By default, mutual authentication for indications is disabled, which means that the SMI-A uses SSL
to send CIM-XML indications to a WBEM client listener, but does not attempt to verify the identity of
the WBEM client listener. When mutual authentication for indications is enabled, then only those
clients whose certificates have been added to the SMI-A Indications TrustStore can use SSL to
receive indications from the SMI-A. That is, the SMI-A must have a TrustStore that contains a
certificate for an entry in the client’s Indications KeyStore.
When you disable or enable mutual authentication for indications, the SMI-A server must be
stopped.
1. Launch the Brocade SMI Agent Configuration Tool.
2. Click Mutual Authentication(Indication) in the menu tree (see
Figure 10
on page 24).
The content pane displays the current setting, which is selected and dimmed.
3. To enable mutual authentication for indications, click the Enable Indication Authentication
radio button. If this option is unavailable, then mutual authentication for indications is already
enabled.
To disable mutual authentication for indications, click the Disable Indication Authentication
radio button. If this option is unavailable, then mutual authentication for indications is already
disabled.
4. Click the Stop Server to stop the SMI-A, if it is running. This button is unavailable if the server is
already stopped.
5. Click Apply.
6. If you enabled mutual authentication for indications, you can perform the following optional
steps to allow only secure communication with trusted clients:
a. Disable HTTP access so that only HTTPS access is available to the clients. (See
“Configuring HTTP access”
on page 24.) Clients should preferably use HTTPS for all
communications purposes if mutual authentication is enabled.
If you do not disable HTTP access, then any client can communicate with the SMI-A using
HTTP access.
b. Configure the WBEM client to use client certificates to communicate with the SMI-A. (See
“Client configuration to use client certificates”
on page 48.)
The changes take effect when you restart the server. Click Start Server to restart the server.