beautypg.com

Browser, Cookies, Passwords – HP Systems Insight Manager User Manual

Page 110: Password warnings, Ssl cookies passwords password warnings

background image

For WMI, the default Windows server install requires a local administrator account. However, this
can be configured to allow access from any specific account.

Browser

SSL

All communication between the browser and the CMS or any managed server occurs using HTTPS
over SSL. Any navigation using HTTP (not using SSL) is automatically redirected to HTTPS.

Cookies

Although cookies are required to maintain a logged in session, only a session identifier is maintained
in the cookie. No confidential information is in the cookie. The cookie is marked as secure, so it
is only transmitted over SSL.

A strict separation between the content provided by unrelated sites must be maintained on the
client side to prevent the loss of data confidentiality or integrity. HP recommends you avoid links
or resources that have arrived from unauthorized sites when a valid HP SIM session is running on
browsers.

Passwords

Password fields displayed by HP SIM do not display the password. Passwords between the browser
and the CMS are transmitted over SSL.

Password warnings

There are several types of warnings that can be displayed by the browser or by the Java plug-in
on the browser, most having to do with the SSL server certificate.

Untrusted system

This warning indicates the certificate was issued by an untrusted system. Since certificates are
by default self-signed, this is likely if you have not already imported the certificate into your
browser. In the case of CA-signed certificates, the signing root certificate must be imported.
The certificate can be imported before browsing if you have obtained the certificate by some
other secure method. The certificate can also be imported when you get the warning, but is
susceptible to

spoofing

since the host system is not authenticated. Do this if you can

independently confirm the authenticity of the certificate or you are comfortable that the system
has not been compromised.

Invalid certificate>

If the certificate is invalid because it is not yet valid or it has expired, it could be a date or
time problem, which could be resolved by correcting the system's date and time. If the certificate
is invalid for some other reason, it might need to be regenerated.

Host name mismatch>

If the name in the certificate does not match the name in the browser, you might get this
warning. This can be resolved by browsing using the system's name as it appears in the
certificate, for example, marketing1.ca.hp.com or marketing1. The HP SIM certificate supports
multiple names to help alleviate this problem. See the

“System link format” (page 111)

section

below for information on changing the format of names created in links by HP SIM.

Signed applet

Previous versions of HP SIM use a Java plug-in that can additionally display a warning about
trusting a signed applet. Those previous versions of HP SIM use an applet signed by
Hewlett-Packard Company, whose certificate is signed by Verisign.

110

Understanding HP SIM security