HP Systems Insight Manager 5.3 Technical Reference Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager for HP-UX

181

182

183

184

185

186

187

188

189

190

1. From the Administer tab, select Options→Security→Credentials→Trusted Systems.

The Trusted Certificates page appears.

2. Select Require. This setting restricts the CMS from accepting any connections other than SSL connections

with managed systems. The managed systems must have a certificate in the Certificate List. This option

does not affect browsing to the CMS.

A warning message appears indicating that certain features work only for systems whose certificates

are represented in the Trusted System Certificates List.

3. To require trusted certificates, click OK . To disable the Require option and return to the Trusted

System Certificates page, click Cancel.

To disable the Trusted System Certificates option:

1. From the Administer tab, select Options→Security→Credentials→Trusted Systems.

The Trusted Certificates page appears.

2. Select another option.

3. Click OK, or to leave the Require option enabled and return to the Trusted System Certificates

page, click Cancel.

Related topics

• Importing trusted certificates

• Exporting trusted certificates

• Deleting trusted certificates

• Installing OpenSSH

• Managing SSH keys

Setting up trust relationships

The following sections detail how to set up a trust relationship between an HP SIM

CMS

and a managed

system.

Configuration of the managed system

For

Single Sign On

and

STE

to function properly, the

managed system

must be running a supported agent

and be configured to trust the HP SIM server. The trust mode is configured from the HP SMH. The following

trust modes are available:

Trust By Certificate. The Trust by Certificate mode sets the System Management Homepage to accept

configuration changes only from HP SIM servers with trusted certificates. This mode requires the submitted

server to provide authentication by means of a digital signature and certificates. This mode provides the

highest level of security because it verifies the digital signature before allowing access. HP recommends this

option.

NOTE: If you do not want to enable any remote configuration changes by HP SIM, leave Trust by

Certificate selected, and leave the list of trusted systems empty.

Trust By Name. The Trust By Name mode sets the System Management Homepage to accept certain

configuration changes only from servers with the HP SIM names designated in the Trust By Name field.

The Trust By Name option is easy to configure and prevents nonmalicious access. For example, you might

use this option if you have a secure network with two separate groups of administrators in two separate

divisions. It prevents one group from installing software to the wrong system. This option verifies only the HP

SIM server name submitted, not the digital signature.

Trust All. The Trust All mode sets the System Management Homepage to accept configuration changes

from any system. For example, you could use the Trust All option if you have a secure network, and everyone

in the network is trusted.

184 Networking and security