HP SIM V5.1 User Guide (356920-009, January 2007)

When using a CA level certificate, any valid certificate signed by the CA level certificate is accepted by HP
SIM, whether it is already issued or issued at some point in the future.
To enable the Require option:
1. From the Administer tab select Options→Security→Certificates→Trusted Certificates.
The Trusted Certificates page appears.
2. Select First Time Accept.
A warning message appears stating that when the first SSL connection to a managed system is attempted,
the managed system's certificate is imported into the Trusted Certificate List. You might need to run
identification after changing this setting to properly determine trust status.
3. Click OK. You can click Cancel to disable the First Time Accept option and return to the Trusted
System Certificates page.
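The First Time Accept behavior described in the warning message, as an added example that is not taken from the HP SIM guide or its code. It is a generic trust-on-first-use model: the class and function names and the host names are hypothetical, the certificates are constructed byte strings, and treating a later, different certificate as not trusted is an assumption.

```python
import hashlib


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


class TrustedCertificateList:
    """Hypothetical model of a per-host trusted certificate list."""

    def __init__(self, first_time_accept: bool):
        self.first_time_accept = first_time_accept
        self.pins = {}  # host name -> fingerprint of the imported certificate

    def check(self, host: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        pinned = self.pins.get(host)
        if pinned is None:
            if self.first_time_accept:
                # First SSL connection: the presented certificate is imported as-is.
                self.pins[host] = fp
                return "imported"
            return "untrusted"
        # Assumption: a certificate that differs from the imported one is not trusted.
        return "trusted" if fp == pinned else "mismatch"


# Constructed sample "certificates" (arbitrary bytes standing in for DER data).
GENUINE = b"constructed-cert: managed system, key A"
OTHER = b"constructed-cert: different system, key B"


def demo():
    results = []
    tcl = TrustedCertificateList(first_time_accept=True)
    results.append(tcl.check("node1.example.test", GENUINE))  # first contact
    results.append(tcl.check("node1.example.test", GENUINE))  # later contact
    results.append(tcl.check("node1.example.test", OTHER))    # certificate changed
    # Failure mode: if the wrong system answers the first connection, its
    # certificate is the one imported, and the genuine one then mismatches.
    bad_start = TrustedCertificateList(first_time_accept=True)
    results.append(bad_start.check("node2.example.test", OTHER))
    results.append(bad_start.check("node2.example.test", GENUINE))
    # With the option off, nothing is imported automatically.
    strict = TrustedCertificateList(first_time_accept=False)
    results.append(strict.check("node1.example.test", GENUINE))
    return results


if __name__ == "__main__":
    print(demo())
```

Because the first connection decides what is imported, comparing each imported fingerprint with the one read on the managed system itself confirms that the right certificate was accepted.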
To disable the Trusted System Certificates option:
1. From the Administer tab select Options→Security→Certificates→Trusted Certificates.
The Trusted Certificates page appears.
2. Select another option.
A warning message appears.
3. Click OK. You can click Cancel to return to the Trusted System Certificates page.
Related topics
Importing trusted certificates
Exporting trusted certificates
Deleting trusted certificates
Installing OpenSSH
Managing SSH keys
Setting up trust relationships
The following sections detail how to set up a trust relationship between an HP Systems Insight Manager (HP
SIM) CMS and a managed system.
Configuration at the managed system
For Single Login and Secure Task Execution (STE) to work, the managed system must be running a supported
agent and be configured to trust the HP SIM server. The trust mode is configured in System Management
Homepage (SMH). The following trust modes are available:
Trust By Certificate. The Trust by Certificate mode sets the System Management Homepage to accept
configuration changes only from HP SIM servers with trusted certificates. This mode requires the submitted
server to provide authentication by means of a digital signature and certificates. This mode is the strongest
method of security because it verifies the digital signature before allowing access. HP recommends this
option.
NOTE: If you do not want to enable any remote configuration changes by HP SIM, leave Trust by
Certificate selected, and leave the list of trusted systems empty.
Trust By Name. The Trust By Name mode sets the System Management Homepage to accept certain
configuration changes only from servers with the HP SIM names designated in the Trust By Name field.
The Trust By Name option is easy to configure, and prevents nonmalicious access. For example, you might
use this option if you have a secure network with two separate groups of administrators in two separate
divisions. It prevents one group from installing software to the wrong system. This option verifies only the HP
SIM server name submitted, not the digital signature.
Trust All. The Trust All mode sets the System Management Homepage to accept configuration changes
from any system. For example, you could use the Trust All option if you have a secure network, and everyone
in the network is trusted.