beautypg.com

Security alerts in internet explorer and firefox, Automatically signing in, Configuring the cms – HP Systems Insight Manager User Manual

Page 17

background image

To download, go to

http://www.hp.com/go/firefox

.

For Linux:

Firefox 3.0.10 or later

NOTE:

Browser settings:

For all Windows Internet Explorer browsers, you must have the SSL 3.0 or Transport Layer
Security (TLS) 1.0 browser security options enabled for HP SIM to work properly, which allows
only stronger ciphers for the SSL connection.

To use automatic sign-in with Firefox, you must configure Firefox with a list of sites with
automatic sign-in. For more information, see Initial setup section of the HP SIM online help.

Security Alerts in Internet Explorer and Firefox

Because the HP SIM web server uses a self-signed SSL certificate (unless otherwise configured),
you will encounter a browser warning when browsing to the CMS. Firefox warns of an Untrusted
Connection
. Internet Explorer warns of a Certificate Error. Both browsers let you continue, but you
can take measures to avoid repeatedly encountering those warnings. This applies to HP SIM, HP
SMH, Integrated Lights-Out (iLO), Onboard Administrator, and all web servers you browse to.

Each time you receive an Untrusted Connection warning in Firefox, you must add a permanent
security exception to avoid seeing the warning again for that host. Note that if you browse to a
single system using its short host name, fully qualified Domain Name Service (FQDN), and IP
address (for example, three different ways), you must add three security exceptions.

With Internet Explorer, you must install the SSL certificate into the Trusted Root Certification
Authorities certificate store, but the browser will continue to warn you (by default) when details in
the certificate do not match (for example, browsing by short host name when the full host name is
in the certificate). To avoid certificate errors when names do not match, the following setting must
be turned off: Internet Explorer

→Advanced→Security→Warn about certificate address mismatch.

If you do not install the SSL certificate in Internet Explorer 8, these warnings appear for each pop-up
window that appears in HP SIM.

Automatically signing in

You can sign in to HP SIM using the same account with which you are logged in on your desktop,
bypassing the HP SIM sign-in page. If user groups are configured for HP SIM, membership in these
groups is accepted and treated the same as if you manually signed in.

Configuring the CMS

HP SIM must be running on a Windows CMS that is a member of a Windows domain. The
browsing system must be a member of the same domain.

The HP SIM service account must be a domain account; local accounts can not be used.

The CMS must be registered with an SPN in the domain, which requires a domain administrator
to configure. From any system that is a member of the domain, the domain administrator can
run the setspn.exe utility from the Windows Support Tools. For example:

setspn -a HTTP/

Where HTTP is in all capital letters, is the FQDN of the CMS, and
is the domain account under which HP SIM service runs.

Signing in and using the graphical user interface

17