Manualshelf

HP Insight Control Server Provisioning 7.2 Administrator Guide

ManualsBrandsHP ManualsSoftwareHP Insight Control including 1yr 24x7 Technical Support and Updates Single Server License
21222324252627282930
The default certificate generated by the appliance is self-signed, meaning it is generated entirely
by itself. By default, browsers do not trust self-signed certificates as they have no prior knowledge
of them. The browser will display a warning to allow the user to verify the content of the self-signed
certificate before accepting it.
A Certificate Authority (CA) can be used to simplify certificate trust management, where the trusted
CA is used to issue certificates. If the browser is already configured to trust the CA, certificates
signed by the CA are also trusted. A CA can be internal, operated and maintained within your
organization, or it can be an external third-party. The appliance supports importing a certificate
signed by a CA and using that instead of the self-signed certificate.
To obtain a CA-signed certificate, you first need to generate a Certificate Signing Request (CSR).
Under Settings, choose ActionsCreate certificate signing request, then take the response and
submit that to your CA in accordance with the CA’s instructions. When the CA signs and issues
the certificate, import the response back into the appliance. Under Settings, choose ActionsImport
certificate, cut and paste the content of the issued certificate into the text field, and press the OK
button.
4.8.1 Download
To download the appliance certificate for manual import into a browser you can use the browser
as described below:
Firefox during the Add Exception process, you can View the certificate and verify it. Then
from the Details tab you can Export the certificate as X.509 Certificate (PEM).
Internet Explorer click in the Certificate error area, View certificate, then the Details tab.
From here you can verify the certificate, then select Copy to File. Save the certificate as Base-64
encoded X.509.
4.9 Browser
4.9.1 General
SSL/TLS: SSL v3 and TLS should be enabled; SSL v2 is considered insecure and should not
be enabled in the browser unless there is some specific need for it.
Cookies must be enabled; a cookie is used to store the authenticated user’s session ID.
Certificates in Firefox or Internet Explorer are described more below; because the default
appliance certificate is self-signed, you will initially get a warning from the browser.
4.9.2 Firefox
When you get the certificate warning This Connection is Untrusted and you choose the
Add Exception option under I Understand the Risks, an exception will be added, but only for the
specific name being browsed to. So if you browse by another name to the same system, you will
again get the warning from Firefox. You can either add another exception for that name, or browse
to the original name.
You can manually import the certificate into Firefox outside of this warning and it will wildcard the
name, but you must also enable trust for that certificate. In the Advanced section under Options,
choose the Encryption tab, then the View Certificates button. An Import button allows you to import
a certificate. After that, select the certificate then the Edit Trust button and enable Trust the
authenticity of this certificate.
4.9.3 Internet Explorer
This certificate warning does not allow you to view or import the certificate, only to bypass it and
continue on. You can manually import a certificate from Internet Options. In the Content tab, choose
4.9 Browser 27