Sun Java Enterprise System 5 Update 1 Release Notes

New host certificate is not displayed for verification (6467360)

When you add a new host to be monitored, the Monitoring Console uses SSL to secure the connection but does not display the certificate presented by the selected host. Because the Monitoring Console transmits the host's root password to the node agent, an attacker who forges the IP address of the intended host could receive the password. The risk of this happening is very low because most node agents run on hosts already within a secure network.

Solution: If your node agent hosts are not within a secure network, you should verify their authenticity before adding them as new hosts in the Monitoring Console. To verify the authenticity of a host, log in to the host and make sure you recognize its configuration and its file system. For a UNIX host, you can log in with ssh to view the certificate information.
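The check the Monitoring Console omits can be done by hand: compare the certificate a host presents on the network with the fingerprint recorded on that host over ssh. The following is an added example, not part of the release notes or of Java Enterprise System; the function names are hypothetical, and the node agent port and the way the certificate is read on the host are not stated on this page, so they are left as parameters.

```python
import hashlib
import hmac
import socket
import ssl


def sha256_fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 digest of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:...' or 'abcd...' and return lowercase hex."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def fetch_presented_cert(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Return the DER certificate the peer presents; no secret is sent."""
    # Chain validation is off on purpose: this call only retrieves the
    # certificate. Trust is decided by the fingerprint comparison below.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def host_is_authentic(presented_der: bytes, trusted_fp: str) -> bool:
    """True only if the presented certificate matches the fingerprint
    recorded on the host itself over a trusted channel (for example ssh)."""
    if not presented_der:
        return False  # peer sent no certificate: never treat as verified
    return hmac.compare_digest(sha256_fingerprint(presented_der).encode(),
                               normalize(trusted_fp).encode())


# Constructed stand-in bytes, not real certificates: the comparison only
# hashes the encoded bytes, so any byte string exercises it.
GENUINE_DER = b"constructed-node-agent-certificate"
FORGED_DER = b"constructed-impostor-certificate"
# PEM copy as an operator would read it on the host after logging in.
TRUSTED_PEM = ssl.DER_cert_to_PEM_cert(GENUINE_DER)
TRUSTED_FP = sha256_fingerprint(ssl.PEM_cert_to_DER_cert(TRUSTED_PEM))

if __name__ == "__main__":
    print("genuine host:", host_is_authentic(GENUINE_DER, TRUSTED_FP))
    print("forged host: ", host_is_authentic(FORGED_DER, TRUSTED_FP))
```

Add the host in the Monitoring Console only when `host_is_authentic(fetch_presented_cert(host, port), recorded_fingerprint)` returns `True`.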