Passwords, Password warnings, Browser session – HP Systems Insight Manager User Manual

Passwords

Password fields displayed by HP SIM do not display the password. Passwords between the browser
and the CMS are transmitted over SSL.

Password warnings

There are several types of warnings that can be displayed by the browser or by the Java plug-in
on the browser, most having to do with the SSL server certificate.

•

Untrusted system

This warning indicates the certificate was issued by an untrusted system. Since certificates are
by default self-signed, this is likely if you have not already imported the certificate into your
browser. In the case of CA-signed certificates, the signing root certificate must be imported.
The certificate can be imported before browsing if you have obtained the certificate by some
other secure method. The certificate can also be imported when you get the warning, but is
susceptible to

spoofing

since the host system is not authenticated. Do this if you can

independently confirm the authenticity of the certificate or you are comfortable that the system
has not been compromised.

•

Invalid certificate>

If the certificate is invalid because it is not yet valid or it has expired, it could be a date or
time problem, which could be resolved by correcting the system's date and time. If the certificate
is invalid for some other reason, it might need to be regenerated.

•

Host name mismatch>

If the name in the certificate does not match the name in the browser, you might get this
warning. This can be resolved by browsing using the system's name as it appears in the
certificate, for example, marketing1.ca.hp.com or marketing1. The HP SIM certificate supports
multiple names to help alleviate this problem. See the

“System link format” (page 104)

section

below for information on changing the format of names created in links by HP SIM.

•

Signed applet

Previous versions of HP SIM use a Java plug-in that can additionally display a warning about
trusting a signed applet. Those previous versions of HP SIM use an applet signed by
Hewlett-Packard Company, whose certificate is signed by Verisign.

Browser session

By default, HP SIM does not time-out a user session while the browser is displaying the HP SIM
banner. This is known as monitor mode, and allows a continuous monitoring of the managed
systems without any user interaction. The session times-out after 20 minutes if the browser is closed
or navigates to another site.

An active mode is also supported where the session times out after 20 minutes if the user does not
interact with HP SIM, by clicking a menu item, link or button. You can enable active mode by
editing the globalsettings.props file and change the EnableSessionKeepAlive setting to
false.

Best security practices include care when visiting other websites. You should use a new browser
window when accessing other sites; when you are finished using HP SIM you should both sign out
and close the browser window.

Internet Explorer zones

Internet Explorer supports several zones that can each be configured with different security settings.
The name used to browse to HP SIM or managed systems can affect which browser zone Internet
Explorer places the system. For example, browsing by IP address or full Domain Name System
(DNS) (for example, hpsim.mycorp.com) can place the system into the browser's more restrictive

Browser 103