HP Systems Insight Manager 7.2 Technical Reference Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager 6.x Windows Software

241

242

243

244

245

246

247

248

249

250

The purpose of the Trusted System Certificates List in HP SIM is to maintain a list of certificates in

the HP SIM keystore. Certificates include the HP SIM system certificate and the certificates of

managed systems that are trusted by the HP SIM system. These imported certificates are placed in

the keystore and appear in the Trusted System Certificates List.

The Trusted System Certificate List page includes the following options:

• Always Accept

If Always Accept is selected, SSL always accepts the certificate presented by a system in the

SSL connection. This setting is the default and is vulnerable to man-in-the-middle attacks, but

it is the easiest option to use.

• Require

If Require is selected, SSL connections succeed only for systems represented in the Trusted

System Certificate List, either by its certificate or its CA-signing certificate (if applicable). You

must set up the trust by manually installing the system's certificate or its CA-signing certificate,

(if applicable), into the HP SIM Trusted System Certificate List. This option is the most secure,

but it is the most difficult to implement.

HP SIM provides the following trusted certificate options:

• Import trusted certificate.

Select Options→Security→Credentials→Trusted Systems, and then click Import.

• Export certificate

Select Options→Security→Credentials→Trusted Systems, and then click Export.

• Delete trusted certificate

Select Options→Security→Credentials→Trusted Systems, select the certificates to be deleted,

and then click Delete.

Related information

Importing trusted certificates

If you have selected Require on the Trusted System Certificates page, you must import certificates

that represent the managed systems you want to trust to the Trusted Certificates List. You can import

the certificate of the system itself on a per-system basis. You can also import the signing certificate

of the CA or intermediate CA used to sign and issue certificates for groups of systems, which

simplifies the maintenance of this list.

NOTE: Only users with administrative rights can import certificates into the HP SIM Trusted System

Certificates List.

NOTE: HP SIM supports only importing certificates that have public key sizes of 2,048 bits or

less.

Procedure 104 Importing certificates into the Trusted System Certificates List

1. Next to the Certificate filename field, click Browse.

The Choose file dialog box appears.

2. Navigate to the location of the certificate to be imported, and then select the file name. Click

Open.

Related information

Exporting trusted certificates

Export the HP SIM server certificate to a file to facilitate deployment of the certificate into your

browser, enabling the browser to properly identify the HP SIM server. This certificate is a public

Trusted certificates 249