First time accept of trusted certificates – HP Systems Insight Manager User Manual
Page 168
can simplify the management and maintenance of the system certificates. However, this requires the presence
of a certificate system in your environment, or the services of a third-party security company.
CAUTION:
If you select the Require option, a warning message appears, indicating that certain features
will work only for systems whose certificates are represented in the Trusted Certificate List.
The HP SIM Trusted System Certificates List is only used when Require or First Time Accept is enabled.
IMPORTANT:
Changing the Require option can adversely affect the operation of HP SIM. Carefully read
and understand the displayed warning as described below.
When using a CA level certificate, any valid certificate signed by the CA level certificate is accepted by HP
SIM, whether it is already issued or issued at some point in the future.
To enable the Require option:
1.
From the Administer tab select Options
→Security→Certificates→Trusted Certificates.
The Trusted Certificates page appears.
2.
Select Require. This setting restricts the CMS from accepting any connections other than SSL connections
with managed systems. The managed systems must have a certificate in the Certificate List. This option
does not affect browsing to the CMS.
A warning message appears indicating certain features will only work for systems whose certificates
are represented in the Trusted System Certificates List.
3.
Click OK to require trusted certificates. You can click Cancel to disable the Require option and return
to the Trusted System Certificates page.
To disable the Trusted System Certificates option:
1.
From the Administer tab select Options
→Security→Certificates→Trusted Certificates.
The Trusted Certificates page appears.
2.
Select another option.
3.
Click OK. You can click Cancel to leave the Require option enabled and return to the Trusted System
Certificates
page.
Related topics
•
Importing trusted certificates
•
Exporting trusted certificates
•
•
•
First time accept of trusted certificates
Trusted system certificates are certificates that represent managed systems. Enabling the First Time Accept
option on the Trusted System Certificates page enables HP Systems Insight Manager (HP SIM) to import
certificates from the remote managed system the first time a Secure Sockets Layer (SSL) connection is made
to the remote system. Following the first SSL connection to the remote managed system, HP SIM requires that
the certificate be present in the Trusted System Certificates list to authenticate with the remote managed
system. For ease of use, this option is disabled. For extra security, this option should be enabled, which
requires some extra configuration.
CAUTION:
If you select the First Time Accept option, a warning message appears, indicating that certain
features will work only for systems whose certificates are represented in the Trusted Certificate List.
CAUTION:
This option is not as secure as the Require option, because there is a possibility of a
man-in-the-middle attack on the first connection.
The HP SIM Trusted System Certificates List is only used when Require or First Time Accept is enabled.
168 Networking and security