Users Guide

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_DSS_WITH_AES_128_CBC_SHA

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

NOTE: The 128-bit or Higher option does not allow connections from browsers with lower SSL

encryption strength, such as 40 bit and 56 bit.

– Key Signing Algorithm (For Self Signed Certificate) — Allows you to select a supported signing algorithm. If

you select either SHA 512 or SHA 256, ensure that your operating system/browser supports this algorithm.

If you select one of these options without the requisite operating system/browser support, Server

Administrator displays a cannot display the webpage error. This field is meant only for Server

Administrator auto-generated self-signed certificates. The drop-down list is grayed out if you import or

generate new certificates into Server Administrator.

– The Java Runtime Environment — Allows you to select the one of the following options:

– Bundled JRE — Enables use of the JRE provided along with the System Administrator.

– System JRE — Enables use of the JRE installed on the system. Select the required version from the drop-

down list.

NOTE: If the JRE does not exist on the system on which Server Administrator is running, the JRE provided with

the Server Administrator is used.

NOTE: If the encryption level is set to 128-bit or Higher, you can access or modify the Server Administrator

settings using a browser with the same or higher encryption levels.

4. When you finish setting options in the Server Preferences window, click Apply.

NOTE: You must restart the Server Administrator web server for the changes to take effect.

X.509 Certificate Management

NOTE: You must be logged in with Administrator privileges to perform certificate management.

Web certificates are necessary to ensure the identity of a remote system and ensure that information exchanged with

the remote system cannot be viewed or changed by others. To ensure system security, it is recommended that:

• You generate a new X.509 certificate, reuse an existing X.509 certificate, or import a root certificate or

certificate chain from a Certification Authority (CA).

• All systems that have Server Administrator installed have unique host names.

To manage X.509 certificates through the Preferenceshome page, click General Settings, click the Web Server tab, and

click X.509 Certificate.

The following are the available options:

• Generate a new certificate — Creates a certificate for access to Server Administrator.

• Certificate Maintenance — Selects an existing certificate that your company has title to, and uses this

certificate to control access to Server Administrator.

• Import a root certificate — Allows you to import the root certificate, as well as the certificate response (in

PKCS#7 format), received from the trusted certificate authority.

• Import certificate chain — Allows you to import the certificate response (in PKCS#7 format) from the trusted

certificate authority. Some of the reliable certificate authorities are Verisign, Thawte, and Entrust.