Trusted certificates – HP Systems Insight Manager User Manual


Invalid Certificate Format is displayed in the debug log files, followed by the system this error message corresponds to.

The certificate is being sent from a program residing on a port that one of the HP SIM HP Insight
Management Agents should reside on. Another possible cause of this error is that the certificate sent
to the Central Management Server (CMS) was corrupt.

To correct this issue, verify that the Insight Management Agent running on the client system has not
been tampered with and is running as expected. Verify that no other programs on the client are using
the ports used by HP SIM. If this continues, contact HP technical support. For information on the ports
that are used by HP SIM and its partner applications, see the Understanding HP SIM 5.0 Security white
paper at http://h18013.www1.hp.com/products/servers/management/hpsim/infolibrary.html.

Certificate has expired, followed by the system name.

The current date is past the certificate's expiration date.

To correct this issue, verify the certificate expiration date. If the expiration date has passed,
then a new certificate must be generated for this system. Otherwise, check the system date and time
on the CMS. If the CMS date and time are incorrect, then correct them and try importing the certificate
again. See “Creating a server certificate” for information on generating a new certificate and see
“Importing a server certificate” for information on importing the certificate.

Related topics

Networking and security

Server certificates

Trusted certificates

Trusted certificates

Trusted certificates provide the highest level of security. Users with full configuration rights can import
certificates from other systems into the HP Systems Insight Manager (HP SIM) Trusted System Certificates List.

The purpose of the Trusted System Certificates List in HP SIM is to maintain a list of certificates in the HP SIM
keystore. Certificates include the HP SIM system certificate and the certificates of managed systems that are
trusted by the HP SIM system. These imported certificates are placed in the keystore and are displayed in
the Trusted System Certificates List.

The Trusted System Certificate List page includes three options:

Always Accept

First Time Accept

Require

If Always Accept is selected, SSL will always accept the certificate presented by a system in the SSL
connection. This is the default setting and is vulnerable to man-in-the-middle attacks, but it is the easiest option
to use. If First Time Accept is selected, then the first time an SSL connection is made to a system, HP SIM
will install the system’s certificate into the Trusted System Certificate List. This option is vulnerable on the
initial SSL handshake. If Require is selected, you must set up the trust by manually installing the system’s
certificate into the HP SIM Trusted System Certificate List. This is the most secure option, but it is the most
difficult to implement.
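The three acceptance modes can be compared with a small model. This is an added example, not HP SIM code: the trust list is assumed to be keyed by host name, certificates are constructed byte strings standing in for DER data, and only direct certificate matching is modeled (no signing certificates).

```python
import hashlib
from enum import Enum

class Mode(Enum):
    ALWAYS_ACCEPT = "Always Accept"
    FIRST_TIME_ACCEPT = "First Time Accept"
    REQUIRE = "Require"

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate's DER encoding."""
    return hashlib.sha256(cert_der).hexdigest()

class TrustList:
    """Toy stand-in for the Trusted System Certificates List (host -> fingerprint).
    Keying by host name is an assumption of this model."""

    def __init__(self, mode: Mode):
        self.mode = mode
        self.pinned = {}

    def import_certificate(self, host: str, cert_der: bytes) -> None:
        """Manual import by an administrator, the step Require depends on."""
        self.pinned[host] = fingerprint(cert_der)

    def accept(self, host: str, presented_der: bytes) -> bool:
        """Decide whether to accept the certificate presented in a handshake."""
        if self.mode is Mode.ALWAYS_ACCEPT:
            return True  # no comparison at all: any certificate passes
        fp = fingerprint(presented_der)
        if host not in self.pinned:
            if self.mode is Mode.FIRST_TIME_ACCEPT:
                self.pinned[host] = fp  # trust on first use
                return True
            return False  # Require: nothing imported, so no trust
        return self.pinned[host] == fp  # later handshakes must match the list

def replay(mode: Mode, handshakes, preload=()):
    """Run (host, cert) handshakes through a fresh list and return each decision."""
    trust = TrustList(mode)
    for host, cert in preload:
        trust.import_certificate(host, cert)
    return [trust.accept(host, cert) for host, cert in handshakes]

# Constructed sample data: opaque byte strings, not real certificates.
GENUINE = b"constructed-der:managed-system-01"
SUBSTITUTED = b"constructed-der:unexpected-certificate"
HOST = "managed-system-01"
```

Replaying a genuine and then a substituted certificate for the same host shows where each mode stops checking: Always Accept takes both, First Time Accept pins whichever certificate arrives first, and Require accepts only what was imported beforehand.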

The list of certificates is used when Require or First Time Accept is enabled. However, the list is
manageable regardless of the acceptance state. It can include the certificate itself or a signing certificate,
if available. Using a signing certificate simplifies the management of the list because any certificate signed
by the signing certificate is valid and trusted. See “Requiring trusted certificates” for more information.

HP SIM provides the following trusted certificate options:

Import trusted certificate. Select Options → Security → Certificates → Trusted Certificates → [Import].

Export certificate. Select Options → Security → Certificates → Trusted Certificates, and then click Export.

Delete trusted certificate. Select Options → Security → Certificates → Trusted Certificates. Select
the certificates to be deleted, and click Delete.
