- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- Re: Certificate issues with servers when accessing...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2006 01:53 AM
тАО06-13-2006 01:53 AM
Certificate issues with servers when accessing via the Systems Management Homepage from SIM
Anytime we try to access a server's SMH from SIM, we receive a Security Alert window with the options of Yes, No, and View Certificate.
When selecting View Certificate, Certificate Information shows that the CA Root Certificate is not trusted.
My question is:
Shouldn't the certificate show ISSUED BY as being the SIM Server for the environment, instead of as the following (local system)?
Issued to: PMRIP02A (system)
Issued by: PMRIP02A (system)
We are using Secure Trust Mode with Trust by Certificate.
Under Trusted Manager Server Certificates on the SMH of our servers, the SIM server is listed.
Any suggestions would be of great help.
Nate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2006 02:46 AM
тАО06-13-2006 02:46 AM
Re: Certificate issues with servers when accessing via the Systems Management Homepage from SIM
Well I have done it and it did not ask me again when I accessed the page.
But only when I access the SIM console using https://servername:50000.
If I access the SIM via https://serverip:50000 or https://localhost:50000 it still asks me to accept the trust certificate.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2006 08:07 PM
тАО06-13-2006 08:07 PM
Re: Certificate issues with servers when accessing via the Systems Management Homepage from SIM
1. the certificate must be valid (not expired)
2. the name of the server you are trying to access (what you write in the browser) must equal the server name contained in the certificate
3. the issuing authority must be trusted. If the SMH certificate is self-issued, like most of them are, you have to add it to your trusted certificates by installing it, as it was suggested before.
Hope I cleared things a little.
jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-13-2006 08:13 PM
тАО06-13-2006 08:13 PM
Re: Certificate issues with servers when accessing via the Systems Management Homepage from SIM
There are two certificates, actually. Please do not confuse them:
A: System Management Homepage certificate - (the one causing the message in this case). Its purpose is to prove identity of the managed server. Each server issues its own, usually, unless you create some in your own certificate authority and have the target servers use them instead.
B: System Insight Manager certificate - its purpose is to prove identity of the SIM to the SMH of the target server, so that the SIM can initiate some administrative actions (like install software and stuff).
BTW, Your configuration is correct, the SIM can manage the target servers OK I guess.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-14-2006 09:28 AM
тАО06-14-2006 09:28 AM
Re: Certificate issues with servers when accessing via the Systems Management Homepage from SIM
Thanks for your reply...
I understand that there are 2 certificates (one specific to the server, and the enterprise certificate for the SIM server).
Something isn't set up properly, or I'm missing something...
Whenever I try to replicate the Agent settings for the VC agent settings, SNMP settings, or Systems Management Homepage from the SIM server which is set up properly to another server, I receive a Not Trusted error.
My assumption was that it was related to the certificate(s) being used?
If you want, I could submit a screenshot of the error I'm getting.
Nate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-14-2006 09:58 AM
тАО06-14-2006 09:58 AM
Re: Certificate issues with servers when accessing via the Systems Management Homepage from SIM
When you try to go to the SMH from HPSIM and you get the security popup window - Do you still have to login after you go past the popup? If not, it sounds like the cert trust is working and you are getting the annoying local cert challenge that Albert mentioned.
If you do have to login that would explain why the Replicate Agent tasks are not working.
If you are not logging in after the cert challenge, and the Replicate Agent tasks are failing on the same system then that is confusing.
-Rich
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-14-2006 06:53 PM
тАО06-14-2006 06:53 PM
Re: Certificate issues with servers when accessing via the Systems Management Homepage from SIM
From your last line in your first post
"Under Trusted Manager Server Certificates on the SMH of our servers, the SIM server is listed."
I understood that you have no problems with your trust certificates as they have all been installed locally and working fine. right?
What I understand from your post is that you are wondering why do you still have this security alert eventhough you have this SIM security cert installed. Hope Im still on track?
I too have seen this problem and think I have managed to solve it in my environment.
When you try and access SMH from SIM console the security checks if not your SIM cert but your cert of the server you are trying to access. By default it uses system name to manage links to systems.
From OPTIONS->SECURITY->SYSTEM LINK CONFIGURATION you should be able to change the format to create a link to managed systems.
I changed mine to IP address as I manage a mixed environment and it seemed to do the trick for me.
Hope this helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-22-2006 04:48 AM
тАО06-22-2006 04:48 AM
Re: Certificate issues with servers when accessing via the Systems Management Homepage from SIM
Albert, I actually tried that with no luck.
I used the IP address instead of the System Name under System Link Configuration.
Everytime I access a SMH for a system, I have to login.
Every system shows a local certificate...I select OK, or install the certificate if it shows as untrusted...I still have to login, regardless if I access from the SIM server or locally on the box itself.
Stumped...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-22-2006 01:46 PM
тАО06-22-2006 01:46 PM
Re: Certificate issues with servers when accessing via the Systems Management Homepage from SIM
If you want to login to SMH locally without giving username/password, you can set it (after logging in) by clicking on settings -> System Management Homepage -> Security ->Local/Anonymous Access and then selecting Local Access checkbox and Administrator radio button and then Save the configuration.
You might try deleting the existing SIM server certificate and manually importing the SIM server cert to the trusted mgmt servers and then run discovery/identification task against this system. This should establish the trust relationship and you should be able to open SMH page (without logggin in) through SIM.
-Anantha
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-26-2006 04:45 AM
тАО06-26-2006 04:45 AM
Re: Certificate issues with servers when accessing via the Systems Management Homepage from SIM
Nate