Warning or error, Conditions for warning, Customizable properties – HP Systems Insight Manager User Manual


Warning or error

If the certificate revocation check cannot be performed successfully, HP SIM logs this as a
warning but does not terminate the connection with the peer system. The connection is terminated
only if HP SIM identifies the certificate as revoked.

In Two-Factor authentication, if the revocation check did not succeed or if the certificate is revoked,
then the user is not allowed to log in to the CMS.

Conditions for warning

If the CRL distribution point is not available in the certificate

If the CRL distribution point does not contain an HTTP URL

If the CRL file is not available in the CRL directory (or has expired), and the file cannot be
downloaded from the CRL distribution point URL

Customizable properties

A few CRL properties can be configured through the globalsettings.properties
file in HP SIM’s \config directory. The CRL GUI or the command line might not support
all of these settings.

Download timeout of CRL file:

Property name: CRL_FETCH_TIMEOUT

The default value is 10000 (10s)

The expiring delay is 1 day by default. This can be customized using:

Property name: CRLExpirationStart

The default value is 1

If you do not want to receive alerts on CRL expiration:

Property name: CRLAlert

1 — Enable

0 — Disable

Proxy settings:

The proxy host and port can be configured using the properties below. To clear the proxy
settings, either remove both properties from the globalsettings.properties file or set both
to empty.

Property name: PROXYHOST

Property name: PROXYPORT
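
The following check is an added example, not part of the HP SIM manual or product. It audits the CRL properties named above and flags settings that weaken revocation monitoring or leave the proxy half-configured. It assumes globalsettings.properties uses plain key=value lines; the function names and the sample input are constructed for illustration.

```python
# Added example: audit the CRL-related keys this page names.
# Assumption: globalsettings.properties holds plain key=value lines, # or ! comments.
NUMERIC_DEFAULTS = {"CRL_FETCH_TIMEOUT": "10000", "CRLExpirationStart": "1"}

def parse_properties(text):
    """Return a dict of key -> value, skipping blanks and comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_crl_settings(text):
    """Return a list of findings for the CRL and proxy properties."""
    props = parse_properties(text)
    findings = []
    for key, default in NUMERIC_DEFAULTS.items():
        value = props.get(key, default)
        if not value.isdecimal():
            findings.append(f"{key}: '{value}' is not a whole number (default {default})")
    alert = props.get("CRLAlert")
    if alert == "0":
        # Peer connections continue on a failed check, so a stale CRL is easy to miss.
        findings.append("CRLAlert: expiration alerts disabled; a stale CRL that cannot "
                        "be refreshed yields only a logged warning on peer connections")
    elif alert not in (None, "1"):
        findings.append(f"CRLAlert: '{alert}' is neither 1 (enable) nor 0 (disable)")
    host, port = props.get("PROXYHOST", ""), props.get("PROXYPORT", "")
    if bool(host) != bool(port):
        findings.append("PROXYHOST/PROXYPORT: only one is set; set both or clear both")
    elif port and not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append(f"PROXYPORT: '{port}' is not a valid TCP port")
    return findings

# Constructed sample input, not taken from a real CMS.
SAMPLE = """\
CRL_FETCH_TIMEOUT=10s
CRLExpirationStart=1
CRLAlert=0
PROXYHOST=proxy.example.internal
PROXYPORT=
"""

if __name__ == "__main__":
    for finding in audit_crl_settings(SAMPLE):
        print("WARN", finding)
```
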

Certificate sharing

HP SIM supports a mechanism whereby other components installed on the system can use the same
certificate and private key, facilitating authentication of the system as a whole instead of each
individual component. This is currently used by the Web Agents and the WBEM components on
the CMS.

SSH keys

An SSH key pair is generated during initial configuration. The CMS public key is copied to the
managed system using the mxagentconfig tool. This key pair is not the same as the one used for SSL,
and regenerating it is a manual process. See the manpages or online documentation for
mxagentconfig for more details. See the Secure Shell (SSH) in HP SIM white paper located at
http://www.hp.com/go/insightmanagement/sim/docs.

104 Understanding HP SIM security
