HP Systems Insight Manager 5.3 Technical Reference Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager for HP-UX

171

172

173

174

175

176

177

178

179

180

• Invalid Certificate Format appears in the debug log files followed by the

system this error message corresponds to.

The certificate was being sent from a program residing on a port that one of the HP SIM HP Insight

Management Agent should reside on. Another possible cause of this error is that the certificate sent to

the

CMS

was corrupt.

To correct this issue, verify that the Insight Management Agent running on the client system has not

been tampered with and is running as expected. Verify that no other programs on the client are using

the ports used by HP SIM. If this error continues, contact HP technical support. For information about

the ports that are used by HP SIM and its partner applications, see the

Understanding HP SIM 5.3

security

white paper at http://h18013.www1.hp.com/products/servers/management/hpsim/

infolibrary.html.

• Certificate has expired followed by the system name.

The expiration date of the certificate is past the current date.

To correct this issue, verify the certificate expiration date. If the expiration date is past the current date,

then a new certificate must be generated for this system. Otherwise, check the system date and time

on the CMS. If the CMS is out of date, then correct the date and time and try importing the certificate

again. See “Creating a server certificate” for information about generating a new certificate. See

“Importing a server certificate” for information about importing the certificate.

Related topics

• Networking and security

• Server certificates

• Trusted certificates

Trusted certificates

Trusted

certificates

provide the highest level of security. Users with

administrative rights

can import certificates

from other systems into the HP SIM Trusted System Certificates List.

The purpose of the Trusted System Certificates List in HP SIM is to maintain a list of certificates in the HP SIM

keystore

. Certificates include the HP SIM system certificate and the certificates of

managed systems

that are

trusted by the HP SIM system. These imported certificates are placed in the keystore and appear in the Trusted

System Certificates List.

The Trusted System Certificate List page includes the following options:

• Always Accept If Always Accept is selected, SSL always accepts the certificate presented by a system

in the SSL connection. This setting is the default and is vulnerable to man-in-the-middle attacks, but it is

the easiest option to use.

• Require If Require is selected, you must set up the trust by manually installing the system’s certificate

into the HP SIM Trusted System Certificate List. This option is the most secure, but it is the most difficult

to implement.

HP SIM provides the following trusted certificate options:

• Import trusted certificate. Select Options→Security→Credentials→Trusted Systems, and then

click Import.

• Export certificate Select Options→Security→Credentials→Trusted Systems, and then click

Export.

• Delete trusted certificate Select Options→Security→Credentials→Trusted Systems, select the

certificates to be deleted, and then click Delete.

Related procedures

• Importing trusted certificates

• Exporting trusted certificates

• Deleting trusted certificates

180 Networking and security