HP Integrity rx2800 System Management Homepage User Guide - Page 84

HP System Management, Trusted Management Servers



configure the firewall with exceptions to allow browsers to access the ports used by HP SIM and Version Control Repository Manager.

HP recommends the following actions:

1. Select Start→Settings→Control Panel.
2. Double-click Windows Firewall to configure the firewall settings.
3. Select Exceptions.
4. Click Add Port.
5. Enter the product name and the port number.
   Add the following exceptions to the firewall protection:

   Table 13-1 Firewall protection exceptions

   Product                  Port Number
   HP SMH Insecure Port:    2301
   HP SMH Secure Port:      2381
   HP SIM Insecure Port:    280
   HP SIM Secure Port:      50000

6. Click OK to save your settings and close the Add a Port dialog box.
7. Click OK to save your settings and close the Windows Firewall dialog box.

This configuration leaves the default SP2 security enhancements intact, but allows traffic over the ports previously indicated. These ports are required for HP SIM and Version Control Repository Manager to run. Ports 2301 and 2381 are required for the Version Control Repository Manager and ports 280 and 50000 are required by HP SIM. The secure and insecure ports must be added for each product to enable communication with the applications.

6.2 Why can't I import X.509 certificates directly into HP SMH?

HP SMH generates a certificate request in Base64-encoded PKCS #10 format. This certificate request should be supplied to the certificate authority. Most CAs return Base64-encoded PKCS #7 certificate data that you can import directly into HP SMH by selecting Settings→HP System Management Homepage→Security→Local Server Certificate.

If the CA returns the certificate data in X.509 format, rename the X.509 certificate file as cert.pem and place it into the \hp\sslshare directory. When HP SMH is restarted, this certificate is used.

6.3 Why is my PKCS #7 cert data not accepted?

When using a Mozilla browser, there can be problems when cutting and pasting cert request and reply data using Notepad or other editors. To avoid these problems, use Mozilla to open certificate reply files from your CA. Use the Select All, Cut, and Paste operations supplied by Mozilla when working with certificates.

6.4 Why is my private key file not protected by the file system?

If you are using Windows operating systems, you must have the system drive in NTFS format for the private key file to be protected by the file system.

6.5 Why do I get errors when I paste my customer-generated certificate PKCS #7 data into the HP SIM Certificate Data field in Settings→SMH→Security→Trusted Management Servers?

The customer-generated certificate PKCS #7 data is not relevant to the data given in the Trusted Management Servers field. The PKCS #7 data should be imported into the Customer Generated Certificates Import PKCS #7 Data field under Settings→SMH→Security→Local Server Certificate.

The HP Systems Insight Manager Certificate Data field is used to trust HP SIM servers with HP SMH.
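
As an added example (not part of the HP guide), the following Python check covers the mix-ups described in 6.2, 6.3 and 6.5: it tells a PKCS #10 request, a PKCS #7 reply and an X.509 certificate apart, and flags editor damage to the Base64 body before anything is pasted into HP SMH. The function names, destination strings and sample blobs are constructed for illustration.

```python
import base64
import re

# DER bytes of the PKCS #7 signedData OID (1.2.840.113549.1.7.2)
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")

# PEM label -> (format, destination according to the guide text above)
LABELS = {
    "CERTIFICATE REQUEST": ("PKCS #10", "submit to the CA"),
    "NEW CERTIFICATE REQUEST": ("PKCS #10", "submit to the CA"),
    "PKCS7": ("PKCS #7", "Local Server Certificate > Import PKCS #7 Data"),
    "CERTIFICATE": ("X.509", r"save as cert.pem in \hp\sslshare, restart SMH"),
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem(label, der):
    """Wrap DER bytes in PEM armor (used only to build the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def classify(blob):
    """Return (format, destination, problems) for a pasted certificate blob."""
    problems = []
    m = PEM_RE.search(blob)
    label, body = (m.group(1), m.group(2)) if m else (None, blob)
    if m is None:
        problems.append("missing or mismatched BEGIN/END lines")
    # Editors can introduce characters outside the base64 alphabet.
    stray = sorted(set(re.sub(r"[A-Za-z0-9+/=\s]", "", body)))
    if stray:
        problems.append("non-base64 characters: " + "".join(stray))
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # also covers binascii.Error (bad padding, truncation)
        problems.append("body does not decode as base64")
        der = b""
    fmt, dest = LABELS.get(label, ("unknown", "unknown"))
    # Do not trust the label alone: skip the outer SEQUENCE header, check the OID.
    if len(der) > 2 and der[0] == 0x30:
        skip = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
        if der[skip:].startswith(SIGNED_DATA_OID):
            fmt, dest = LABELS["PKCS7"]
    return fmt, dest, problems

# Constructed samples: minimal DER skeletons, not real certificates.
P7_DER = bytes.fromhex("300f") + SIGNED_DATA_OID + bytes.fromhex("a0023000")
SAMPLE_P7 = pem("PKCS7", P7_DER)
SAMPLE_CSR = pem("CERTIFICATE REQUEST", bytes.fromhex("3003020100"))
SAMPLE_DAMAGED = SAMPLE_P7.replace("-----\n", "-----\n\u201c", 1)  # stray curly quote
```

A blob that reports any problem should be re-exported from the CA reply file rather than repaired by hand.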

6.6 Why can't I use a Windows 2003 CA to grant my third-party certificate into HP SMH?

To use a Windows 2003 CA to create a certificate for HP SMH:

1. Create the PKCS #10 data packet by clicking Settings→SMH→Security→Local Server Certificate page.
2. Press the Ctrl+C keys to copy the data into a buffer.
3. Navigate to http://W2003CA/certsrv where W2003CA is the name of your Windows 2003 certificate authority system and complete the following: