The Trust Mode link provides options to enable you to select the security required by your system. Some situations require a higher level of security than others. Therefore, you have the following security options:
Sets HP SMH to accept configuration changes only from HP SIM servers with trusted certificates. This mode requires the submitted server to provide authentication by means of certificates. This mode is the strongest method of security because it requires certificate data and verifies the digital signature before allowing access. If you do not want to enable remote configuration changes, leave Trust by Certificate selected, and leave the list of trusted systems empty by not importing certificates.
This is the default behavior on Linux Itanium.
HP strongly recommends using this option because it is more secure.
Sets HP SMH to accept configuration changes only from servers with HP SIM names designated in the Trust By Name field. For example, you might use this option if you have a secure network with two groups of administrators in two divisions. It prevents one group from installing software to the wrong system. This option verifies only the HP SIM server that you designate.
HP strongly recommends using the Trust by Certificate option because the other options are less secure.
Sets HP SMH to accept specific configuration changes from systems. For example, you could use the Trust All option if you have a secure network, and everyone in the network is trusted.
HP strongly recommends using the Trust by Certificate option because the other options are less secure.
Configuring Trust Mode
For Linux, the imported HP SMH certificates
are stored in the /opt/hp/hpsmh/certs
directory.
For Windows, the imported HP SIM certificates
are stored in the systemdrive:
\hp\hpsmh\certs
directory.
You must have administrative authority to access this directory.
In the System Management Homepage box, click the Security link.
In the Other Trust Modes box, click the Trust by Name radio button.
In the Server Certificate Name textbox, enter the Server Certificate Name.
-
When you click Add, the Server Certificate Name is validated to see if it meets the following criteria:
If the validation test accepts the value, Server Certificate Name is added as a new line in the list table. You can add as many as five Server Certificate Names by following steps 5 and 6. If you enter more than five certificate names, you receive the alert
No more names can be added
. Click Apply to save the configurations.
Choosing this option sets up HP SMH to only accept Secure Task Executions and Single Sign On requests from HP SIM on servers with names listed.
To remove a Server Certificate Name from the list, complete the following steps:
The Settings Page |