Jump to content


English
hp.com home
HP Systems Insight Manager  |  Administering the Software  |  Trusted Certificates  |  Setting up Trust Relationships

Trusted Certificates
Setting up Trust Relationships

» HP Systems Insight Manager
»table of contents
»index
»Product Overview
»Getting Started
»Monitoring Systems, Events, and Clusters
»Using Tasks
»Using Default Tools
»Reporting
»Administering the Software
»Discovery
»Identification
»Filtering
»Manage System Types
»Events
»Status Polling
»Users and Authorizations
»Users
»Toolboxes
»System Groups
»Authorizations
»Networking and Security
»Server Certificates
»Trusted Certificates
»Importing Trusted Certificates
»Exporting Trusted Certificates
»Deleting Trusted Certificates
»Require Trusted Certificates
Setting up Trust Relationships
»WMI Mapper Proxy
»Protocols
»Clusters
»Data Collection
»Version Control Repository
»PMP Administrative Options
»Managed Systems
»Backing Up and Restoring the Database
»Audit Log
»Troubleshooting
»printable version
»glossary
»using help
Content starts here
» Configuration at the Managed System
» Setting up a Trust Relationship
» Related Procedures
» Related Topics

Configuration at the Managed System

For Single Login and Secure Task Execution (STE) to work, the managed system must be running a supported agent and be configured to trust the HP Systems Insight Manager server. Three levels of trust configuration are available and all are configured on the System Management Homepage or in other configurable components, such as HP Version Control Agent. Refer to documentation for the appropriate component for detailed instructions on setting these options.

Trust All. The Trust All mode sets the System Management Homepage to accept certain configuration changes from any system. For example, you could use the Trust All option if you have a secure network, and everyone in the network is trusted.

Trust By Name. The Trust By Name mode sets the System Management Homepage to accept certain configuration changes only from servers with the HP Systems Insight Manager names designated in the Trust By Name field. The Trust By Name option is easy to configure, and prevents non-malicious access. For example, you might use this option if you have a secure network with two separate groups of administrators in two separate divisions. It prevents one group from installing software to the wrong system. This option verifies only the HP Systems Insight Manager server name submitted.

Trust By Certificate. The Trust by Certificate mode sets the System Management Homepage to accept configuration changes only from HP Systems Insight Manager servers with trusted certificates. This mode requires the submitted server to provide authentication by means of certificates. This mode is the strongest method of security since it requires certificate data and verifies the digital signature before allowing access. If you do not want to enable any remote configuration changes, leave Trust by Certificate selected, and leave the list of trusted systems empty by avoiding importing any certificates. HP recommends this option

  Note:

The certificate from the HP Systems Insight Manager system can be installed during the initial support pack deployment. Refer to Version Control - Initial ProLiant Support Pack Install for more information.

Setting up a Trust Relationship

How to set up a trust relationship between an HP SIM CMS and a managed Windows server having ProLiant Agents installed.

Setting up the central management server to Trust Managed ProLiant Servers

  1. In HP Systems Insight Manager, select OptionsSecurityCertificatesServer Certificates, and then click [Export]. Remember the location of the file (servcert.cert).

  2. (Optional) In HP Systems Insight Manager, select OptionsSecurityCertificatesTrusted Certificates, and then click [Import]. Locate and import the file which was exported in Step 1.

    Note: HP Systems Insight Manager uses the same keystore for the server certificate and trusted certificate.

  3. In Internet Explorer, select ToolsInternet OptionsContentCertificates and select the Trusted Root Certificate Authorities tab. Import the exported file in Step 1 and select Automatically select the certificate store....

Setting up the Managed Server to Trust the central management server

  1. Complete the following on the managed server:

    1. From a browser, open IE and browse to the managed server through https://managed-server:2381. The System Management Homepage is displayed.

    2. Log in to the System Management Homepage.

    3. Select SettingsSystem Management HomepageSecurity.

    4. Click Trust Mode. The Trust Mode page appears.

    5. Select Trust by Certificate to require trusted certificates.

    6. Click [Trust Certificate] to access the Trusted Management server certificate.

    7. Click [Save Configuration] to save the current configurations or [Reset Values] to cancel all changes.

    8. Enter the name of the HP Systems Insight Manager server that contains the certificate to be added.

    9. Click [Add Certificate From Server]. The certificate information is presented for verification/confirmation before it is added to the list.

    10. Verify the certificate information, and if you want to add it to the trusted certificate list, click [Add Certificate to Trust List].

    11. Select Trusted Management Server, and enter the HP Systems Insight Manager server name.

    12. Click [Import Certificate Data].

      Note: If you are setting up a trusted certificate on a cluster, refer to Troubleshooting - Cluster Problems for more information.

  2. On the HP Systems Insight Manager server, complete the following:

  3. In Internet Explorer, select ToolsInternet OptionsContentCertificates and select the Trusted Root Certificate Authorities tab. Import the copied file in Step 4d and select Automatically select the certificate store....

  4. (Optional) In HP Systems Insight Manager, select OptionsSecurityCertificatesTrusted Certificates, and then click [Import]. Locate and import the file which was exported in Step 1.

    Note: HP Systems Insight Manager uses the same keystore for the server certificate and trusted certificate.

  5. Open HP Systems Insight Manager and select OptionsSecurityCertificatesTrusted Certificates, and enable the Require trusted certificates option.

Browser Warning Messages - How to Manage

To have the browser warning messages stop displaying on the managed server, complete the following:

  1. From the browser, open Internet Explorer and browse to the managed server by https://managed_server:2381.

  2. On the Internet Explorer Security Alert, click [View Certificate].

  3. After reviewing the certificate, click [Install Certificate].

  4. Click [Next].

  5. Click [Place all certificates in the following store].

  6. Click [Browse].

  7. Select Trusted Root Certificate Authorities and click [OK].

  8. Click [Next].

  9. Click [Finish].

  10. Click [OK].

Related Procedures

» Server Certificates - Creating a CSR
» Server Certificates - Submitting a CSR
» Server Certificates - Importing a CA-Signed Certificate
» Server Certificates - Exporting a Server Certificate

Related Topics

» Administering the Software - Server Certificates
» Administering the Software - Trusted Certificates
» Administering the Software - Networking and Security
» Replicate Agent Settings - Creating a Replicate Agent Settings Task
© 2003-2005 Hewlett-Packard Development Company, L.P.