Manualshelf

HP Systems Insight Manager 5.2 Update 2 Technical Reference Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager 6.x Linux Software
391392393394395396397398399400
you select Require, you must set up the trust by manually installing the system’s certificate into the HP SIM
Trusted System Certificate List. This option is the most secure.
NOTE: The HP SIM certificate must also be installed on the managed system. See “Exporting a server
certificatefor more information about exporting the HP SIM server certificate.
Importing trusted certificates
If you have selected Require on the Trusted System Certificates page, you must import certificates that
represent the
managed systems
you want to trust to the Trusted Certificates List. You can import the
certificate
of the system itself on a per-system basis. You can also import the signing certificate of the
Certificate Authority
(CA)
or intermediate CA used to sign and issue certificates for groups of systems, which simplifies the
maintenance of this list.
1. Select OptionsSecurityCertificatesTrusted Certificates, and then click Import. The Import
Trusted System Certificate section appears.
2. Next to the Certificate filename field, click Browse.
The Choose file dialog box appears.
3. Navigate to the location of the certificate to be imported, and then select the file name. Click Open.
The certificate is imported.
For
Single Login
and
Secure Task Execution
(STE) to function properly, the
managed system
must be running
a supported agent and be configured to trust the HP SIM server. The trust mode is configured from the System
Management Homepage (SMH). The following trust modes are available:
Trust By Certificate. The Trust by Certificate mode sets the System Management Homepage to accept
configuration changes only from HP SIM servers with trusted certificates. This mode requires the submitted
server to provide authentication by means of a digital signature and certificates. This mode provides the
highest level of security because it verifies the digital signature before allowing access. HP recommends this
option.
NOTE: If you do not want to enable any remote configuration changes by HP SIM, leave Trust by
Certificate selected, and leave the list of trusted systems empty.
Trust By Name. The Trust By Name mode sets the System Management Homepage to accept certain
configuration changes only from servers with the HP SIM names designated in the Trust By Name field.
The Trust By Name option is easy to configure, and prevents nonmalicious access. For example, you might
use this option if you have a secure network with two separate groups of administrators in two separate
divisions. It prevents one group from installing software to the wrong system. This option verifies only the HP
SIM server name submitted, not the digital signature.
Trust All. The Trust All mode sets the System Management Homepage to accept configuration changes
from any system. For example, you could use the Trust All option if you have a secure network, and everyone
in the network is trusted.
NOTE: For Trust By Certificate, the certificate from the HP SIM system can be installed during the initial
support pack deployment. See “Initial ProLiant Support Pack Install” for more information.
Related topics
Requiring trusted certificates
Importing trusted certificates
Setting up trust relationships
Exporting trusted certificates
392 Tools that extend management