HP System Management Homepage-Software User Manual

HP recommends the following actions:

1.

Select Start

→Settings Control Panel.

2.

Double-click Windows Firewall to configure the firewall settings.

3.

Select Exceptions.

4.

Click Add Port.

You must enter the product name and the port number.

Add the following exceptions to the firewall protection:

Port Number

Product

2301

HP SMH Insecure Port:

2381

HP SMH Secure Port:

280

HP SIM Insecure Port:

50000

HP SIM Secure Port:

5.

Click OK to save your settings and close the Add a Port dialog box.

6.

Click OK to save your settings and close the Windows Firewall dialog box.

This configuration leaves the default SP2 security enhancements intact, but will allow traffic over
the ports previously indicated. These ports are required for HP Systems Insight Manager and
Version Control Repository Manager to run. Ports 2301 and 2381 are required for the Version
Control Repository Manager and ports 280 and 50000 are required by HP Systems Insight
Manager. The secure and insecure ports must be added for each product to enable proper
communication with the applications.

Why can't I import X.509 certificates directly into HP SMH?

Solution: HP SMH generates Certificate Request in Base64-encoded PKCS #10 format. This
certificate request should be supplied to the CA. Most Certificate Authorities return
Base64-encoded PKCS #7 certificate data that you can import directly into HP SMH by selecting
Settings

→HP System Management Homepage→Security→Local Server Certificate.

If the CA returns the certificate data in X.509 format, rename the X.509 certificate file as cert.pem
and place it into the \hp\sslshare directory. When HP SMH is restarted, this certificate is
used.

Why is my PKCS #7 cert data not accepted?

Solution: When using a Mozilla browser, there can be problems when cutting and pasting cert
request and reply data when using Notepad or other editors. To avoid these problems always
use Mozilla to open any certificate reply files from your CA. Be sure to use the Select All, Cut,
and Paste operations that are supplied by Mozilla when working with certificates.

Why is my private key file not protected by the file system?

Solution: If you are using Windows operating systems, you must have the system drive in NTFS
format for the private key file to be protected by the file system.

Why do I get errors when I paste my customer-generated certificate PKCS #7 data into the HP
Systems Insight Manager Certificate Data field in Settings

→HP System Management

Homepage

→Security→Trusted Management Servers ?

Solution: The customer-generated certificate PKCS #7 data is not relevant to the date given in the
Trusted Management Servers

field. The PKCS #7 data should be imported into the Customer

Generated Certificates Import PKCS #7 Data

field under Settings

→HP System Management

Homepage

→Security→Local Server Certificate. The HP Systems Insight Manager Certificate

Data

field is used to trust HP Systems Insight Manager servers with HP SMH. For more

information, refer to

“Trusted Management Servers”

.

Security Problems

49