HP Systems Insight Manager 5.2 Update 2 Technical Reference Guide

Requiring trusted certificates
Trusted system certificates are certificates that represent managed systems. Enabling the Trusted System
Certificate option enables HP Systems Insight Manager (HP SIM) to authenticate the remote managed system.
For ease of use, this option is disabled by default; this scenario is typical and maintains a high level of security. For
maximum security, this option should be enabled, which requires extra configuration.
If Require is enabled, when HP SIM attempts to make a Secure Sockets Layer (SSL) connection to a managed
system, a certificate representing that system must be found in the HP SIM keystore; otherwise the SSL
connection and the attempted operation fail. The certificate representing the system
can be the system's SSL system certificate or the Certificate Authority (CA) level certificate that was used to
sign the system's certificate. For large numbers of systems, using a handful of CA-level certificates to
sign all the system certificates can simplify the management and maintenance of the system certificates.
However, this option requires the presence of a certificate system in your environment, or the services of a
third-party security company.
CAUTION: If you select the Require option, a warning message appears, indicating that certain features
work only for systems whose certificates are represented in the Trusted Certificate List.
The HP SIM Trusted System Certificates List is only used when the Require option is enabled.
IMPORTANT: Changing the Require option can adversely affect the operation of HP SIM. Carefully read
and understand the warning described in this section.
When using a CA-level certificate, any valid certificate signed by the CA-level certificate is accepted by HP
SIM, whether it is already issued or issued at some point in the future.
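The difference between listing a system's own certificate and listing the CA-level certificate that signed it can be reproduced outside HP SIM with the OpenSSL command line. The script below is an added example, not HP SIM code or part of the original guide; the `is_trusted` helper, the directory-based trust lists, and every certificate name are constructed assumptions.

```shell
# Added example, not HP SIM code: models the two ways a managed system can be
# represented in a trust list. All names and certificates are constructed.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
mkdir "$WORK/pinned" "$WORK/ca-level"
# Minimal config so the result does not depend on the host's openssl.cnf.
cat > "$WORK/o.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical, CA:TRUE
EOF

new_ca() {      # new_ca <name>: self-signed CA-level certificate
  openssl req -x509 -newkey rsa:2048 -nodes -config "$WORK/o.cnf" \
    -extensions v3_ca -subj "/CN=$1" -days 30 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}
issue() {       # issue <ca> <system>: system certificate signed by that CA
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/o.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 30 -out "$WORK/$2.pem" 2>/dev/null
}
fp() { openssl x509 -in "$1" -noout -fingerprint -sha256; }
is_trusted() {  # is_trusted <system-cert> <trust-list-dir>
  for entry in "$2"/*.pem; do
    [ -e "$entry" ] || continue
    # Case 1: the system's own certificate is in the list.
    if [ "$(fp "$entry")" = "$(fp "$1")" ]; then return 0; fi
    # Case 2: the entry is the CA-level certificate that signed it.
    if openssl verify -CAfile "$entry" "$1" >/dev/null 2>&1; then return 0; fi
  done
  return 1
}

new_ca demo-ca; new_ca other-ca
issue demo-ca node1; issue other-ca node3
cp "$WORK/node1.pem" "$WORK/pinned/"      # list holds one system certificate
cp "$WORK/demo-ca.pem" "$WORK/ca-level/"  # list holds one CA-level certificate
issue demo-ca node2                       # issued after the lists were filled
for n in node1 node2 node3; do for list in pinned ca-level; do
  if is_trusted "$WORK/$n.pem" "$WORK/$list"; then r=accepted; else r=rejected; fi
  echo "$n against $list list: $r"
done; done
```

In this model node2 is accepted by the CA-level list even though it was issued after the list was populated, while the list holding only node1's certificate rejects it. The fingerprint comparison in case 1 does not model validity-period or revocation checks, which this section does not describe.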
To enable the Require option:
1. From the Administer tab, select Options→Security→Certificates→Trusted Certificates.
The Trusted Certificates page appears.
2. Select Require. This setting restricts the CMS from accepting any connections other than SSL connections
with managed systems. The managed systems must have a certificate in the Certificate List. This option
does not affect browsing to the CMS.
A warning message appears indicating that certain features work only for systems whose certificates
are represented in the Trusted System Certificates List.
3. To require trusted certificates, click OK. To disable the Require option and return to the Trusted
System Certificates page, click Cancel.
To disable the Trusted System Certificates option:
1. From the Administer tab, select Options→Security→Certificates→Trusted Certificates.
The Trusted Certificates page appears.
2. Select another option.
3. Click OK, or to leave the Require option enabled and return to the Trusted System Certificates
page, click Cancel.
Related topics
Importing trusted certificates
Exporting trusted certificates
Deleting trusted certificates
Installing OpenSSH
Managing SSH keys
Setting up trust relationships
The following sections detail how to set up a trust relationship between an HP Systems Insight Manager (HP
SIM) CMS and a managed system.