Settings

The Settings tab provides you with the ability to access the agent options, and define the Management HTTP Server security settings.

Settings Section

The Settings section provides a listing of participating agents. Each of the participating agents has options already defined.

Management HTTP Server Section

The Management HTTP Server section provides links that allow you to configure your Management HTTP Server settings. The Management HTTP Server section provides links to the following:

Change Password

The Change Password option allows you to change the Management HTTP Server password.

Changing the Management HTTP Server password:

  1. Click Change Password to change the password for Management HTTP Server.

  2. In the User field, select the user level from the drop-down list.

  3. In the New Password field, enter the new password for the user level you selected.

  4. In the Confirm Password field, enter the same password you entered in the Password field.

  5. Click Change Password. A dialog box displays indicating whether or not the password was successfully changed.

Credits

The Credits link displays information regarding licensing and credit information.

Options

The Options link accesses the Options page. The Options page allows you to change various Web-Based System Management settings. The System Management Setup Wizard initially allows you to set many of the options from this page, however you can access the Options page in order to edit any of the initial settings. The Page Sections divide the available options into three groups:

Configuration Options

The Configuration Options section allows you to select the appropriate settings to include:

Enabling Anonymous Access:
  1. Select Anonymous Access from the Configuration Options page.

    1. Click Save Configuration in the Configuration Options section to save your settings. The Configuration Options page refreshes.

NOTE:  If this Management HTTP Server is running on the same machine as Insight Manager 7, Local Access (Anonymous) must be enabled for certain features of Insight Manager 7 to work. If Local Access (Administrator) or Anonymous Access is enabled, that also works, but is not necessary.

Setting the Logging options:

IP addresses can be explicitly excluded or explicitly included for each type of user. If an IP address is explicitly excluded it will be excluded even if it is also explicitly included. If there are any IP addresses in the inclusion list, then only those IP addresses will be allowed login access. If there are no IP addresses in the inclusion list, then login access will be allowed to any IP addresses not in the exclusion list.

IP address ranges should be listed with the lower end of the range followed by a hyphen followed by the upper end of the range. All ranges are inclusive in that the upper and lower bounds are considered part of the range. IP address ranges and single addresses are separated by semi-colons.

IP address ranges should be entered in the following format:

122.23.44.1-122.23.44.255;172.84.100.35;127.0.0.0-127.0.0.255

You can click Default Configuration, located in the Configuration Options section, to return all options back to their original settings.

The Trust All option leaves your system vulnerable to security attacks.

 

 Using the Trust By Name option:

Although Trust By Name mode is a slightly stronger method of security than the Trust All mode, it still leaves your system vulnerable to security attacks.

Trusted Certificates

The Trusted Certificates section allows you to manage your certificates in the Trusted Certificates list.

Using the Trusted Certificates option:

If you have the base64 encoded certificate file for Insight Manager 7, cut and past this certificate information into the Insight Manager 7 Certificate Data box, and click Submit Cert.

If Insight Manager 7 is reinstalled or a new certificate is re-generated, you must remove the trusted servers and start again with step a. Even though the Insight Manager 7 server name is the same in the list, the underlying certificate has changed.

Customer Generated Certificates

The Customer Generated Certificates option allows you to use certificates that are not generated by HP. If this option is selected, the self-signed certificate that was originally generated by the Management HTTP Server will be replaced with one that was issued by a Certificate Authority. The first step of the process is to cause the Management HTTP Server to create a Certificate Request (PKCS #10). This request utilizes the original private key that was associated with the self-signed certificate and generates the appropriate data for certificate request (the private key never leaves the server during any of this process). Once the PKCS #10 data has been created, the next step is for the user to send that off to a Certificate Authority. Once the Certificate Authority has returned PKCS #7 data, the final step is to import this into the Management HTTP Server. Once the PKCS #7 data has been successfully imported, the original \compaq\wbem\cert.pem certificate file will be overwritten with the device's certificate from that PKCS #7 envelope. The same private key is used for the new imported certificate as was used with the previous self signed certificate.

Using the Customer Generated Certificate option:
  1. Click Create PKCS #10 Data. A screen displays indicating that the PKCS #10 Certificate Request data has been successfully generated.

  2. Copy the certificate data.

  3. Send PKCS #10 certificate request data to a Certificate Authority and ask them to send you the certificate request reply data in the form of PKCS #7 format. Request that the reply data be in base64 encoded format. If you organization has its own PKI/Certificate Server implemented, send the PKCS #10 data to the Certificate Authority manager and request the PKCS #7 reply data.

The selected certificate signer generally charges a fee.

 

  1. When the certificate signer sends the PKCS #7 certificate request reply data to you, copy the data from the PKCS #7 certificate request and paste the copied data in the PKCS #7 Data field.

  2. Click Import PKCS #7 Data. A message displays indicating whether or not the "customer generated certificate" was successfully imported.

  3. Stop the services.

  4. Restart the services.

  5. Browse to the managed device that contains the imported certificate.

  6. Select view the certificate when prompted by the browser. Be sure the signer is listed as the signer you used, and not listed as HP, before importing the certificate into your browser. Alternatively, you can import root CA cert into all the browsers on your network to avoid being prompted.

If the certificate issuer's organizational unit (OU) is still listed as Compaq Management HTTP Server, you will need to start over with step a.

If the certificate signer of your choice sends you the certificate data in base64 encoded form instead of PKCS #7 data, you must copy the base64 encoded file to the filename /compaq/WBEM/Cert.pem and reboot the machine.

Click Default Configuration to revert to default settings. This will not remove imported Trusted Insight Manager 7 certificates or imported Customer Generated certificates.

Once you have successfully imported the PKCS#7 certificate, you may see a dialog box. In order to eliminate this box, you will need to import the Certificate.

Authority’s certificate into your browser as a Trusted Root Certification Authority. Your Certificate Authority can provide you with their certificate and you can import it into your browser via the normal process. Refer to the help files that came with your browser for details on how to import a certificate.

To refresh the page, click Refresh in your browser.

Related Topic

Tabs