Web-based System Manager Administration Guide

Configuring for the SMGate Daemon

The SMGate daemon installed with Web-based System Manager Security allows you to run in secure applet mode without having to configure security on each managed system. SMGate serves as an SSL gateway between the client browser and the local web server.

To use the SMGate daemon, install the certificate issued by the Certificate Authority (CA) onto each client browser, as follows:

1. If you are using the Web-based System Manager internal certificate authority, you can get the CA certificate using the following procedure:
   1. Log in to the CA machine as root user.
   2. Start Web-based System Manager.
   3. Open the Management Environment and select your local host.
   4. Select Export Certificate Authority's Certificate from the task list.
   5. In the Export Certificate Authority's Certificate dialog, enter the full path name where the certificate is to be written.
   6. Click OK.

   Alternatively, from the command line, type:

   /usr/websm/bin/smexpcacert
   

   Note: If you are not using the Web-based System Manager internal certificate authority, then use your certificate authority's procedures for obtaining a copy of its certificate.

2. Copy the certificate to an HTTP Server directory so that you can access it from the client browser. The MIME type sent by the HTTP Server must be application/x-x509-ca-cert.

3. In each of your client browsers, point the browser to the CA certificate file and follow your browser's procedure to accept it as a signer certificate.

Your browsers are now set up to connect to your servers through theSMGate daemon. For information about enabling the SMGate daemon, see Enabling the SMGate Daemon. For information about running through SMGate, see Applet Mode.