Users Guide
Assigning a webserver certificate to OpenManage Enterprise using
the Microsoft Certificate Services
1. Generate and download the Certificate Signing Request (CSR) in OpenManage Enterprise. See Generate and download the
certificate signing request on page 143
2. Open a web session to the certification server (https://x.x.x.x/certsrv) and click on the Request a certificate link .
3. On the Request a Certificate page, click on the submit an advanced certificate request link.
4. On the Advanced Certificate Request page, click on the Submit a certificate request by using a base-64-encoded CMC
or PKCS#10 file, or submit a renewal request by using a base-64-encoded PKCS#7 file link.
5. On the Submit a Certificate Request or Renewal Request page do the following:
a. In the base-64-encoded cerficate request (CMC or PKCS#10 file or PKCS#7) field, copy and paste the entire
content of downloaded CSR.
b. For Certificate Template select Web Server.
c. Click Submit to issue a certificate.
6. On the Certificate Issued page, select the option Base 64 encoded and then click the Download Certificate link to
download the certificate.
7. Upload the certificate in OpenManage by navigating to the Application Settings > Security > Certificatespage and then
clicking Upload.
Set the login security properties
NOTE:
To perform any tasks on OpenManage Enterprise, you must have necessary user privileges. See Role-based
OpenManage Enterprise user privileges on page 14.
NOTE: AD and LDAP directory users can be imported and assigned one of the OpenManage Enterprise roles (Admin,
DeviceManager, or Viewer).
By clicking OpenManage Enterprise > Application Settings > Security, you can secure your OpenManage Enterprise either
by specifying the Restrict Allowed IP Range or the Login Lockout Policy.
● Expand Restrict Allowed IP Range:
NOTE:
When "Restrict Allowed IP Range", is configured in appliance, any inbound connection to appliance, such as alert
reception, firmware update, and network identities are blocked for the devices which are outside the given range.
However, any connection that goes out of the appliance will work on all devices.
1. To specify the IP address range that must be allowed to access OpenManage Enterprise, select the Enable IP Range
check box.
2. In the IP Range Address (CIDR) box, enter the IP address range.
NOTE: Only one IP range is allowed.
3. Click Apply. To reset to default properties, click Discard.
NOTE: Apply button will not be enabled if multiple IP ranges are entered in the IP Range Address (CIDR) box.
● Expand Login Lockout Policy :
1. Select the By User Name check box to prevent a specific user name from logging in to OpenManage Enterprise.
2. Select the By IP address check box to prevent a specific IP address from logging in to OpenManage Enterprise.
3. In the Lockout Fail Count box, enter the number of unsuccessful attempts after which OpenManage Enterprise must
prevent the user from further logging in. By default, 3 attempts.
4. In the Lockout Fail Window box, enter the duration for which OpenManage Enterprise must display information about a
failed attempt.
5. In the Lockout Penalty Time box, enter the duration for which the user is prevented from making any login attempt
after multiple unsuccessful attempts.
6. Click Apply. To reset the settings to default attributes, click Discard.
144
Managing OpenManage Enterprise appliance settings