Highlighted
slesajak Respected Contributor.
Respected Contributor.
631 views

Is communication encrypted?

Jump to solution

Hello, our security team is interested if the channel is encrypted when we are connecting to a remote HP Records Manager workgroup server. We were not able to find the answer in the official documentation. Is it encryped? If not can it be enabled? What encryption is used then? Is it driven by the client or the server?

We are using .NET SDK for HP RM 83.

Thanks a lot,

Jakub

0 Likes
1 Solution

Accepted Solutions
slesajak Respected Contributor.
Respected Contributor.

Re: Is communication encrypted?

Jump to solution

I talked to a dev from HPE about the server certificate validation, the server certificate is intentionally ignored in clients and there will be added an option to enable it in future releases.. 

0 Likes
2 Replies
slesajak Respected Contributor.
Respected Contributor.

Re: Is communication encrypted?

Jump to solution

I found out that the communication is not encrypted in the default configuration. However, in HPE Records Manager Enterprise Studio in workgroup server's properties you can enable 'HTTPS' and select a certificate for it.

In order to connect from SDK using HTTPS you have to change the default protocol (tcp) via

Database.WorkgroupServerURL

property which is in following format:

{protocol}://{machine}:{port}
e.g. https://server.intra:1237
or tcp://server.intra:1137

I was not able to find any other way how to change the protocol. The connection is encrypted then (TLS 1.2 in my case), but the client ignores the server certificate (it's self-signed certificate which is not installed on my laptop).


Does anybody know whether the certificate validation can be enabled in the client?


Update: A useful source of information is in the following tutorial: Fun with 82 https from the native client

0 Likes
slesajak Respected Contributor.
Respected Contributor.

Re: Is communication encrypted?

Jump to solution

I talked to a dev from HPE about the server certificate validation, the server certificate is intentionally ignored in clients and there will be added an option to enable it in future releases.. 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.