2 validating rpm signatures, 3 trusted certificates – HP Insight Control Software for Linux User Manual
Page 27
Standard Linux deployment, which uses SSH to push an image to the target systems, is a
less scalable but more secure method than large scale deployment.
HP recommends the use of a dedicated management LAN for large scale Linux deployments.
For more information on scalable deployment, see
• Logging RAM disk connections and operations
With a few minor modifications, you can log who has connected to the RAM disk. For more
information, see Logging RAM disk connections and operations (page 216).
2.2 Validating RPM signatures
The RPMs for HP Insight Control for Linux, HP Insight Control virtual machine management,
and HP Insight Control power management are digitally signed with a private key. You have
the option of using the public key shipped on the Insight Control for Linux ISO image to validate
and verify the RPMs.
Although this verification process is optional for you, it ensures that HP is the creator of the code
and that the code was not modified since it was signed.
For more information on validating RPM signatures, see the HP Insight Control for Linux Installation
Guide.
2.3 Trusted certificates
Insight Control for Linux conforms to the security features of HP SIM. There is a Trusted
Certificates tab under Options→Security→Credentials→Trusted Systems. By selecting that
tab, you access a web page that allows you to determine how SSL/HTTPS connections are handled;
there are two options, depending on the button selected:
• Always Accept
This button is preselected by default. The CMS establishes SSL connections with managed
systems without validating them against certificates in the HP SIM trusted certificate list.
• Require
When this button is selected, the CMS only establishes SSL connections with managed
systems whose certificates are represented in the HP SIM trusted certificate list.
When performing any operation that communicates with an iLO-based management processor,
Insight Control for Linux has the ability to verify whether the target iLO is a trusted system,
meaning that it is presenting a certificate that Insight Control for Linux trusts. To enable this
security mechanism, make sure the Require radio button is selected.
Use the Import button to import the iLO’s self-signed certificate. You can obtain the iLO’s
self-signed certificate by connecting to the iLO using your browser. In Microsoft Internet Explorer
for Windows Vista, for example:
1. Select Page→Security Report.
2. Select View Certificates.
3. Select the Details tab.
4. Select the Copy to File... button.
5. In the Certificate Export Wizard, select the Base-64 encoded X.509 (.CER) radio button
and proceed to save your file. This is the file that you specify in HP SIM when you select
the Import button.
You must repeat this procedure for every iLO whose certificate you want to add to the HP SIM
trust storage.
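The following pre-flight check is an added example, not HP's code and not part of the manual: it models the Always Accept and Require policies as a fingerprint lookup and compares each exported .CER file with the certificate an iLO presents, so missing or changed certificates are found before Require is selected. The host names and certificate bytes are constructed placeholders, and `fetch_presented` assumes the iLO is reachable on port 443.

```python
import hashlib
import ssl

def fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def load_cer(text: str) -> bytes:
    """Decode a Base-64 encoded X.509 (.CER) export (PEM text) to DER."""
    return ssl.PEM_cert_to_DER_cert(text.strip())

def fetch_presented(host: str, port: int = 443) -> bytes:
    """Fetch the certificate a live iLO presents; nothing is validated here."""
    return load_cer(ssl.get_server_certificate((host, port)))

def connection_allowed(presented: bytes, trusted: list, require: bool) -> bool:
    """Model of the two policies: Always Accept skips the trust-list lookup."""
    if not require:
        return True
    return fingerprint(presented) in {fingerprint(t) for t in trusted}

def audit(exports: dict, presented: dict) -> dict:
    """Per host: 'match', 'mismatch' (certificate differs) or 'not-exported'."""
    report = {}
    for host, der in presented.items():
        if host not in exports:
            report[host] = "not-exported"
        elif fingerprint(load_cer(exports[host])) == fingerprint(der):
            report[host] = "match"
        else:
            report[host] = "mismatch"
    return report

# Constructed stand-ins for DER certificates (not real iLO certificates);
# fingerprinting and comparison operate on the raw bytes either way.
ILO_A = b"constructed stand-in: iLO A self-signed certificate"
ILO_B = b"constructed stand-in: iLO B self-signed certificate"
ILO_A_REISSUED = b"constructed stand-in: iLO A after certificate reissue"

if __name__ == "__main__":
    # Hypothetical host names; in practice use fetch_presented(host) per iLO.
    exports = {"ilo-a.example": ssl.DER_cert_to_PEM_cert(ILO_A)}
    live = {"ilo-a.example": ILO_A_REISSUED, "ilo-b.example": ILO_B}
    for host, status in audit(exports, live).items():
        print(host, status, fingerprint(live[host]))
```

A `mismatch` result means the exported file no longer matches what the iLO presents; confirm the new fingerprint through a separate channel before re-importing it.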