Users Guide

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

NOTE: The 128-bit or Higher option does not allow connections from browsers with lower

SSL encryption strength, such as 40 bit and 56 bit.

– Key Signing Algorithm (For Self Signed Certificate) — Allows you to select a supported signing

algorithm. If you select either SHA 512 or SHA 256, ensure that your operating system/browser

supports this algorithm. If you select one of these options without the requisite operating system/

browser support, Server Administrator displays a cannot display the webpage error. This

field is meant only for Server Administrator auto-generated self-signed certificates. The drop-

down list is grayed out if you import or generate new certificates into Server Administrator.

– The Java Runtime Environment — Allows you to select the one of the following options:

– Bundled JRE — Enables use of the JRE provided along with the System Administrator.

– System JRE — Enables use of the JRE installed on the system. Select the required version from

the drop-down list.

NOTE: If the JRE does not exist on the system on which Server Administrator is running, the

JRE provided with the Server Administrator is used.

NOTE: If the encryption level is set to 128-bit or Higher, you can access or modify the Server

Administrator settings using a browser with the same or higher encryption levels.

4. When you finish setting options in the Server Preferences window, click Apply.

NOTE: You must restart the Server Administrator web server for the changes to take effect.

X.509 Certificate Management

NOTE: You must be logged in with Administrator privileges to perform certificate management.

Web certificates are necessary to ensure the identity of a remote system and ensure that information

exchanged with the remote system are not viewed or changed by others. To ensure system security, it is

recommended that:

• You generate a new X.509 certificate, reuse an existing X.509 certificate or import a certificate chain

from a Certification Authority (CA).

• All systems that have Server Administrator installed have unique host names.

To manage X.509 certificates through the Preferences home page, click General Settings, click the Web

Server tab, and click X.509 Certificate.

The following are the available options:

• Generate a new certificate — Generates a new self-signed certificate used for SSL communication

between the server running Server Administrator and the browser.

NOTE: When using a self-signed certificate, most web browsers display an untrusted warning as

the self-signed certificate is not signed by a Certificate Authority (CA) trusted by the operating

system. Some secure browser settings can also block the self-signed SSL certificates. The OMSA

web GUI requires a CA-signed certificate for such secure browsers.

• Certificate Maintenance — Allows you to generate a Certificate Signing Request (CSR) containing all

the certificate information about the host required by the CA to automate the creation of a trusted

SSL web certificate. You can retrieve the necessary CSR file either from the instructions on the

Certificate Signing Request (CSR) page or by copying the entire text in the text box on the CSR page

and pasting it in the CA submit form. The text must be in the Base64–encoded format.

NOTE: You also have an option to view the certificate information and export the certificate that

is being used in the Base64–encoded format, which can be imported by other web services.