Warning or error, Conditions for warning, Customizable properties – HP Systems Insight Manager User Manual
Page 108: Certificate sharing, Ssh keys, Certificate sharing ssh keys
Warning or error
If the certificate revocation check cannot be performed successfully, then HP SIM logs that as a
warning, but it does not cease the connection with the peer system. The connection will be ceased
only if HP SIM identifies the certificate as revoked.
In Two-Factor authentication, if the revocation check did not succeed or if the certificate is revoked,
then the user is not allowed to log-in to the CMS.
Conditions for warning
•
If the CRL distribution point is not available in the certificate
•
If the CRL distribution point does not contain HTTP URL
•
If the CRL file is not available in the CRL directory (or expired), and if the file cannot be
downloaded from the CRL distribution point URL
Customizable properties
There are few CRL properties that can be configured through the globalsettings.props file
present under HP SIM’s \config directory. The CRL GUI or the command line might not support
all these settings.
•
Download timeout of CRL file:
Property name: CRL_FETCH_TIMEOUT
The default value is 10000 (10s)
•
The expiring delay is 1 day by default. This can be customized using:
Property name: CRLExpirationStart
The default value is 1
•
If you do not want to receive alerts on CRL expiration:
Property name: CRLAlert
1 — Enable
0 — Disable
•
Proxy settings:
The proxy host and port can be configured using the below properties. The proxy settings can
be cleared off or removed if both these properties are removed, or set as empty in the
globalsettings.props
file.
Property name: PROXYHOST
Property name: PROXYPORT
Certificate sharing
HP SIM supports a mechanism whereby other components installed on the system can use the same
certificate and private key, facilitating authentication of the system as a whole instead of each
individual component. This is currently used by the Web Agents and the WBEM components on
the CMS.
SSH keys
An SSH key-pair is generated during initial configuration. The CMS public key is copied to the
managed system using the mxagentconfig tool. This key-pair is not the same as for SSL and requires
a manual process to regenerate a new pair. See the manpages or online documentation for
mxagentconfig for more details. See the Secure Shell (SSH) in HP SIM white paper located at
108 Understanding HP SIM security