HP

System Management Homepage

English
  The Settings page  |  Security  |  Trust Mode   

Trust Mode

»Table of Contents
»Index
»Product overview
»Getting started
»Navigating the software
»The Home page
»The Settings page
»SMH Data Source management
»SNMP configuration
»UI options
»UI properties
»User preferences
»Security
»Anonymous/Local Access
»IP Binding
»IP Restricted Login
»Local Server Certificate
»Alternative Names Certificates
»Port 2301 and Autostart (Linux only)
»Port 2301 (Windows only)
»Timeouts
Trust Mode
»Trusted Management Servers
»Kerberos Authorization procedure (Windows Only)
»User Groups
»The Tasks page
»The Logs page
»The Installed Webapps page
»The Support page
»The Help page
»Legal notices
»Glossary
»Using Help

The Trust Mode link provides options to enable you to select the security required by your system. Some situations require a higher level of security than others. Therefore, you have the following security options:

  • Trust by Certificate  Sets HP SMH to accept configuration changes only from HP SIM servers with trusted certificates. This mode requires the submitted server to provide authentication by means of certificates. This mode is the strongest method of security because it requires certificate data and verifies the digital signature before allowing access. If you do not want to enable remote configuration changes, leave Trust by Certificate selected, and leave the list of trusted systems empty by not importing certificates.

    This is the default behavior on Linux Itanium.

    HP strongly recommends using this option because it is more secure.

  • Trust by Name  Sets HP SMH to accept configuration changes only from servers with HP SIM names designated in the Trust By Name field. For example, you might use this option if you have a secure network with two groups of administrators in two divisions. It prevents one group from installing software to the wrong system. This option verifies only the HP SIM server that you designate.

    HP strongly recommends using the Trust by Certificate option because the other options are less secure.

  • Trust All  Sets HP SMH to accept specific configuration changes from systems. For example, you could use the Trust All option if you have a secure network, and everyone in the network is trusted.

    HP strongly recommends using the Trust by Certificate option because the other options are less secure.

Configuring Trust Mode

For Linux, the imported HP SMH certificates are stored in the /opt/hp/hpsmh/certs directory.

For Windows, the imported HP SIM certificates are stored in the systemdrive: \hp\hpsmh\certs directory.

You must have administrative authority to access this directory.

To trust by certificate:

  1. Select Settings from the menu.

  2. In the System Management Homepage box, click the Security link .

  3. Click the Trust Mode link.

  4. In the Secure Trust Modes box, click the Trust by Certificate radio button.

    Choosing this option sets up the HP SMH to accept Secure Task Executions and Single Sign On requests that are signed by a HP SIM with a Trusted Certificate.

  5. Click [Apply].

To trust by name:

  1. Select Settings from the menu.

  2. In the System Management Homepage box, click the Security link.

  3. Click the Trust Mode link.

  4. In the Other Trust Modes box, click the Trust by Name radio button.

  5. In the Server Certificate Name textbox, enter the Server Certificate Name.

  6. Click [Add].

    When you click [Add], the Server Certificate Name is validated to see if it meets the following criteria:

    • Each HP SIM server's certificate name must be less than 64 characters

    • The following invalid characters are not included: ~ ' ! @ # $ % ^ & * ( ) + = / " : ' < > ? , |

    • The Server Certificate Name is not already in the list

    If the validation test accepts the value, Server Certificate Name is added as a new line in the list table. You can add as many as five Server Certificate Names by following steps 5 and 6. If you enter more than five certificate names, you receive the alert No more names can be added.

  7. Click [Apply] to save the configurations.

    Choosing this option sets up HP SMH to only accept Secure Task Executions and Single Sign On requests from HP SIM on servers with names listed.

To remove a Server Certificate Name from the list, complete the following steps:

  1. Select Settings from the menu.

  2. In the System Management Homepage box, click the Security link.

  3. Click the Trust Mode link.

  4. In the Other Trust Modes box, find the Server Certificate Name to remove and click the check box beside that name.

  5. Click [Remove].

  6. Click [Apply].

To trust all servers:

  1. Select Settings from the menu.

  2. In the System Management Homepage box, click the Security link.

  3. Click the Trust Mode link.

  4. In the Other Trust Modes box, click the Trust All button.

  5. Click [Apply].

    Choosing the trust all option sets HP SMH to accept Secure Task Execution and Single Sign On requests from any HP SIM server.

Related Procedures

»   HP System Management Homepage Online Help - Anonymous/Local Access
»   HP System Management Homepage Online Help - IP Binding
»   HP System Management Homepage Online Help - IP Restricted Login
»   HP System Management Homepage Online Help - Local Server Certificate
»   HP System Management Homepage Online Help - Alternative Names Certificates
»   HP System Management Homepage Online Help - Port 2301 and Autostart (Linux only)
»   HP System Management Homepage Online Help - Port 2301 (Windows only)
»   HP System Management Homepage Online Help - Timeouts
»   HP System Management Homepage Online Help - Trusted Management Servers
»   HP System Management Homepage Online Help - Kerberos Authorization procedure (Windows Only)
»   HP System Management Homepage Online Help - User Groups

Related Topic

»   HP System Management Homepage Online Help - The Settings page