Browser, Cookies, Passwords – HP Systems Insight Manager User Manual

Page 79: Password warnings, Browser session


the CLI command mxnodesecurity. A few passwords might be stored in a file on the CMS; these are also
encrypted using the same 128-bit Blowfish key. These passwords can be managed using the mxpassword
command. Access to the password file and the Blowfish key file is restricted by operating system file
permissions to administrators or root.

Prior to Systems Insight Manager 5.3, passwords configured on the Systems Insight Manager protocol settings
pages are stored in a local file on the CMS, restricted with operating system file permissions to administrators
or root. These passwords can be further managed using the mxnodesecurity command.

Browser

SSL

All communication between the browser and the CMS or any managed server occurs using HTTPS over SSL.
Any navigation using HTTP (not using SSL) is automatically redirected to HTTPS.

Cookies

Although cookies are required to maintain a logged-in session, only a session identifier is maintained in the
cookie. No confidential information is in the cookie. The cookie is marked as secure, so it is only transmitted
over SSL.

Passwords

Password fields displayed by Systems Insight Manager do not display the password. Passwords between
the browser and the CMS are transmitted over SSL.

Password warnings

There are several types of warnings that can be displayed by the browser or by the Java plug-in on the
browser, most having to do with the SSL server certificate.

Untrusted system

This warning indicates the certificate was issued by an untrusted system. Since certificates are by default
self-signed, this is likely if you have not already imported the certificate into your browser. In the case
of CA-signed certificates, the signing root certificate must be imported. The certificate can be imported
before browsing if you have obtained the certificate by some other secure method. The certificate can
also be imported when you get the warning, but doing so is susceptible to spoofing since the host system
is not authenticated. Do this if you can independently confirm the authenticity of the certificate or you are
comfortable that the system has not been compromised.

Invalid certificate

If the certificate is invalid because it is not yet valid or it has expired, it could be a date or time problem,
which could be resolved by correcting the system’s date and time. If the certificate is invalid for some
other reason, it might need to be regenerated.

Host name mismatch

If the name in the certificate does not match the name in the browser, you might get this warning. This
can be resolved by browsing using the system’s name as it appears in the certificate, for example,
marketing1.ca.hp.com or marketing1. The Systems Insight Manager certificate supports multiple names
to help alleviate this problem. See the System link format section below for information on changing
the format of names created in links by Systems Insight Manager.

Signed applet

Previous versions of Systems Insight Manager use a Java plug-in that can additionally display a warning
about trusting a signed applet. Those previous versions of Systems Insight Manager use an applet
signed by Hewlett-Packard Company, whose certificate is signed by Verisign.
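
The three certificate warnings above can be reproduced as explicit checks. This Python example is added here and is not from the HP manual or the product; the sample certificate is constructed, `imported_subjects` is a hypothetical stand-in for the browser's trust store, and trust is modelled by issuer name only, whereas a real browser verifies the signature chain.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict layout of ssl.SSLSocket.getpeercert().
SUBJECT = ((("commonName", "marketing1.ca.hp.com"),),)
SAMPLE_CERT = {
    "subject": SUBJECT,
    "issuer": SUBJECT,  # issuer == subject: self-signed, the default case
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "marketing1.ca.hp.com"), ("DNS", "marketing1")),
}

def cert_names(cert):
    """All DNS names the certificate carries (alternative names plus common name)."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [v for k, v in rdn if k == "commonName"]
    return {n.lower() for n in names}

def classify(cert, browsed_host, imported_subjects, now=None):
    """Return which of the warnings described above this certificate triggers."""
    ts = (now or datetime.now(timezone.utc)).timestamp()
    warnings = []
    # Untrusted system: neither the self-signed certificate nor the signing
    # root has been imported (assumption: name lookup stands in for chain
    # verification).
    if cert["issuer"] not in imported_subjects:
        warnings.append("untrusted system")
    # Invalid certificate: outside the validity window, which is often a
    # clock problem on the client rather than a bad certificate.
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        warnings.append("invalid certificate: not yet valid")
    elif ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        warnings.append("invalid certificate: expired")
    # Host name mismatch: the browsed name must equal one of the names in
    # the certificate (exact match only; wildcard names are not handled).
    if browsed_host.lower() not in cert_names(cert):
        warnings.append("host name mismatch")
    return warnings
```
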

Browser session

By default, Systems Insight Manager does not time-out a user session while the browser is displaying the
Systems Insight Manager banner. This is known as monitor mode, and allows a continuous monitoring of
