HP Systems Insight Manager 5.2 Update 2 Technical Reference Guide
Configuration of the managed system
For
Single Login
and
Secure Task Execution
(STE) to function properly, the
managed system
must be running
a supported agent and be configured to trust the HP SIM server. The trust mode is configured from the System
Management Homepage (SMH). The following trust modes are available:
Trust By Certificate. The Trust by Certificate mode sets the System Management Homepage to accept
configuration changes only from HP SIM servers with trusted certificates. This mode requires the submitted
server to provide authentication by means of a digital signature and certificates. This mode provides the
highest level of security because it verifies the digital signature before allowing access. HP recommends this
option.
NOTE: If you do not want to enable any remote configuration changes by HP SIM, leave Trust by
Certificate selected, and leave the list of trusted systems empty.
Trust By Name. The Trust By Name mode sets the System Management Homepage to accept certain
configuration changes only from servers with the HP SIM names designated in the Trust By Name field.
The Trust By Name option is easy to configure, and prevents nonmalicious access. For example, you might
use this option if you have a secure network with two separate groups of administrators in two separate
divisions. It prevents one group from installing software to the wrong system. This option verifies only the HP
SIM server name submitted, not the digital signature.
Trust All. The Trust All mode sets the System Management Homepage to accept configuration changes
from any system. For example, you could use the Trust All option if you have a secure network, and everyone
in the network is trusted.
NOTE: For Trust By Certificate, the certificate from the HP SIM system can be installed during the initial
support pack deployment. See “Initial ProLiant Support Pack Install” for more information.
Importing the HP SIM certificate over the network
If you prefer importing the HP SIM certificate from a file, see Importing the HP SIM certificate from a file for
more information.
1. From a web browser, navigate to the managed server using the address:
https://managed-server:2381. The System Management Homepage appears.
2. Log in to the System Management Homepage.
3. On the Settings tab, select System Management Homepage→Security.
4. Click Trust Mode. The Trust Mode page appears.
5. To require trusted certificates, select Trust by Certificate.
6. To save the trust mode, click Save Configuration, or to cancel all changes, click Reset Values.
7. Click the browser Back button to return to the Trust Mode page.
8. To access the Trusted Management server certificate, click Trusted Certificate.
9. In the text box next to Add Certificate From Server, enter the name of the HP SIM server that contains
the certificate to be added.
10. Click Add Certificate From Server. The certificate information is presented for verification before it
is added to the list.
Note: Because this is a nonsecure request over HTTP, a malicious party could intercept the request and
substitute an untrusted certificate in response to the request. A more secure method for obtaining the
HP SIM certificate is described in the “Importing the HP SIM certificate from a file” section.
11. Verify the certificate information. , If you want to add it to the Trusted Certificate List, click Add Certificate
to Trust List.
Note: If you are setting up a trusted certificate on a cluster, see “Cluster” for more information.
Importing the HP SIM certificate from a file
1. Export the HP SIM server certificate from the HP SIM server to a file. See “Exporting a server certificate”
for more information.
2. Place the certificate file in a file location that is accessible by the file system of the managed system.
182 Networking and security