HP Systems Insight Manager 7.3 User Guide

Warning or error
If the certificate revocation check cannot be performed successfully, HP SIM logs a warning
but does not terminate the connection with the peer system. The connection is terminated
only if HP SIM identifies the certificate as revoked.
In Two-Factor authentication, if the revocation check did not succeed or if the certificate is revoked,
the user is not allowed to log in to the CMS.
Conditions for warning
If the CRL distribution point is not available in the certificate
If the CRL distribution point does not contain an HTTP URL
If the CRL file is not available in the CRL directory (or has expired) and cannot be downloaded from the CRL distribution point URL
Customizable properties
A few CRL properties can be configured through the globalsettings.properties
file in HP SIM’s \config directory. The CRL GUI or the command line might not support
all these settings.
Download timeout of CRL file:
Property name: CRL_FETCH_TIMEOUT
The default value is 10000 (10s)
The expiring delay is 1 day by default. This can be customized using:
Property name: CRLExpirationStart
The default value is 1
If you do not want to receive alerts on CRL expiration:
Property name: CRLAlert
1 — Enable
0 — Disable
Proxy settings:
The proxy host and port can be configured using the properties below. The proxy settings
are cleared if both properties are removed or set to empty in the
globalsettings.properties file.
Property name: PROXYHOST
Property name: PROXYPORT
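The following audit script is an added example, not part of the HP guide or of HP SIM. It reads the CRL properties listed above and reports their effective values and any inconsistent settings. It assumes the file uses Java-style key=value lines with # or ! comments; the function names and the sample input are constructed for illustration.

```python
# Added example: audit the CRL-related keys in globalsettings.properties.
# Assumption: Java-style "key=value" lines, with "#" or "!" starting a comment.

# Defaults as stated in the guide (timeout 10000 = 10s, expiration delay 1 day).
DEFAULTS = {"CRL_FETCH_TIMEOUT": "10000", "CRLExpirationStart": "1"}

def is_int(value):
    """True for a plain non-negative decimal integer."""
    return value.isascii() and value.isdigit()

def parse_properties(text):
    """Return a dict of key -> value from .properties-style text."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_crl_settings(text):
    """Return (effective settings, findings) for the CRL properties."""
    props = parse_properties(text)
    # A missing or empty value falls back to the documented default.
    effective = {k: props.get(k) or d for k, d in DEFAULTS.items()}
    findings = [f"{k} is not a non-negative integer: {v!r}"
                for k, v in effective.items() if not is_int(v)]
    alert = props.get("CRLAlert")
    if alert == "0":
        findings.append("CRLAlert=0: CRL expiration alerts are disabled")
    elif alert not in (None, "1"):
        findings.append(f"CRLAlert should be 0 or 1, found {alert!r}")
    host, port = props.get("PROXYHOST", ""), props.get("PROXYPORT", "")
    if bool(host) != bool(port):
        findings.append("PROXYHOST and PROXYPORT must be set or cleared together")
    elif port and not (is_int(port) and 0 < int(port) < 65536):
        findings.append(f"PROXYPORT is not a valid TCP port: {port!r}")
    effective.update(CRLAlert=alert, PROXYHOST=host, PROXYPORT=port)
    return effective, findings

# Constructed sample input, not taken from a real CMS.
SAMPLE = "# constructed\nCRL_FETCH_TIMEOUT=30000\nCRLAlert=0\nPROXYHOST=proxy.example.net\n"

if __name__ == "__main__":
    settings, problems = audit_crl_settings(SAMPLE)
    print(settings)
    for problem in problems:
        print("FINDING:", problem)
```

Because a failed CRL download produces only a warning for peer connections, a half-configured proxy or disabled expiration alerts can leave revocation checking silently ineffective, which is why the script flags both.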
Certificate sharing
HP SIM supports a mechanism whereby other components installed on the system can use the same
certificate and private key, facilitating authentication of the system as a whole instead of each
individual component. This is currently used by the Web Agents and the WBEM components on
the CMS.
SSH keys
An SSH key-pair is generated during initial configuration. The CMS public key is copied to the
managed system using the mxagentconfig tool. This key-pair is not the same as for SSL and requires
a manual process to regenerate a new pair. See the manpages or online documentation for
mxagentconfig for more details. See the Secure Shell (SSH) in HP SIM white paper located at
http://www.hp.com/go/insightmanagement/sim/docs.