Setting up trust relationships, Configuration at the managed system – HP Systems Insight Manager User Manual


When using a CA level certificate, any valid certificate signed by the CA level certificate is accepted by HP
SIM, whether it is already issued or issued at some point in the future.

To enable the Require option:

1. From the Administer tab select Options → Security → Certificates → Trusted Certificates. The Trusted Certificates page appears.

2. Select First Time Accept. A warning message appears stating that when the first SSL connection to a managed system is attempted, the managed system's certificate is imported into the Trusted Certificate List. You might need to run identification after changing this setting to properly determine trust status.

3. Click OK. You can click Cancel to disable the First Time Accept option and return to the Trusted System Certificates page.
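First Time Accept is a trust-on-first-use policy: the first certificate seen for a managed system is imported with nothing to check it against. The sketch below is an added example, not HP SIM code; it models that behaviour next to an import-only policy and lists the entries that were trusted only because they arrived first. The class, host name and policy flag are hypothetical, and the certificate bytes are constructed stand-ins.

```python
import hashlib

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_ORIGINAL = b"constructed-der-bytes:managed-system-key-1"
CERT_CHANGED = b"constructed-der-bytes:different-key-2"

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes."""
    return hashlib.sha256(cert_der).hexdigest()

class TrustedCertificateList:
    """Hypothetical model of a per-host trusted certificate list."""
    def __init__(self, first_time_accept: bool):
        self.first_time_accept = first_time_accept
        self.pins = {}    # host -> fingerprint of the trusted certificate
        self.audit = []   # (host, event, fingerprint) for later review

    def check(self, host: str, cert_der: bytes) -> bool:
        fp = fingerprint(cert_der)
        pinned = self.pins.get(host)
        if pinned is None:
            if self.first_time_accept:
                # Nothing to compare against yet: imported without verification.
                self.pins[host] = fp
                self.audit.append((host, "imported-on-first-use", fp))
                return True
            self.audit.append((host, "rejected-unknown", fp))
            return False
        if pinned != fp:
            self.audit.append((host, "rejected-mismatch", fp))
            return False
        return True

    def needs_review(self):
        """Entries trusted only because they were seen first; verify out of band."""
        return [(h, fp) for h, ev, fp in self.audit if ev == "imported-on-first-use"]

def demo():
    fta = TrustedCertificateList(first_time_accept=True)
    strict = TrustedCertificateList(first_time_accept=False)
    host = "node01.example"  # hypothetical managed system name
    return {
        "first": fta.check(host, CERT_ORIGINAL),
        "same": fta.check(host, CERT_ORIGINAL),
        "changed": fta.check(host, CERT_CHANGED),
        "strict_unknown": strict.check(host, CERT_ORIGINAL),
        "review": fta.needs_review(),
    }
```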

To disable the Trusted System Certificates option:

1. From the Administer tab select Options → Security → Certificates → Trusted Certificates. The Trusted Certificates page appears.

2. Select another option. A warning message appears.

3. Click OK. You can click Cancel to return to the Trusted System Certificates page.

Related topics

Importing trusted certificates

Exporting trusted certificates

Deleting trusted certificates

Installing OpenSSH

Managing SSH keys

Setting up trust relationships

The following sections detail how to set up a trust relationship between an HP Systems Insight Manager (HP
SIM) CMS and a managed system.

Configuration at the managed system

For Single Login and Secure Task Execution (STE) to work, the managed system must be running a supported agent and be configured to trust the HP SIM server. The trust mode is configured in System Management Homepage (SMH). The following trust modes are available:

Trust By Certificate. The Trust by Certificate mode sets the System Management Homepage to accept configuration changes only from HP SIM servers with trusted certificates. This mode requires the submitted server to provide authentication by means of a digital signature and certificates. This mode is the strongest method of security because it verifies the digital signature before allowing access. HP recommends this option.

NOTE: If you do not want to enable any remote configuration changes by HP SIM, leave Trust by Certificate selected, and leave the list of trusted systems empty.

Trust By Name. The Trust By Name mode sets the System Management Homepage to accept certain configuration changes only from servers with the HP SIM names designated in the Trust By Name field. The Trust By Name option is easy to configure, and prevents nonmalicious access. For example, you might use this option if you have a secure network with two separate groups of administrators in two separate divisions. It prevents one group from installing software to the wrong system. This option verifies only the HP SIM server name submitted, not the digital signature.

Trust All. The Trust All mode sets the System Management Homepage to accept configuration changes from any system. For example, you could use the Trust All option if you have a secure network, and everyone in the network is trusted.
