Users Guide
– System JRE — Enables use of the JRE installed on the system. Select the required version from the drop-down list.
NOTE: Server Administrator does not recommend the upgrade to major versions of Java Runtime Environment
(JRE), it is limited to the security patch and minor JRE versions. For more details, see the release notes of
Server Administrator (packaged with Server Administrator application) or at dell.com/openmanagemanuals.
NOTE: If the JRE does not exist on the system on which Server Administrator is running, the JRE provided with
the Server Administrator is used.
4. When you finish setting options in the Server Preferences window, click Apply.
NOTE: You must restart the Server Administrator web server for the changes to take effect.
X.509 Certificate Management
NOTE: You must be logged in with Administrator privileges to perform certificate management.
Web certificates are necessary to ensure the identity of a remote system and ensure that information exchanged with the remote
system are not viewed or changed by others. To ensure system security, it is recommended that:
• You generate a new X.509 certificate, reuse an existing X.509 certificate or import a certificate chain from a Certification
Authority (CA).
• All systems that have Server Administrator installed have unique host names.
To manage X.509 certificates through the Preferences home page, click General Settings, click the Web Server tab, and click X.
509 Certificate
.
The following are the available options:
• Generate a new certificate — Generates a new self-signed certificate used for SSL communication between the server
running Server Administrator and the browser.
NOTE: When using a self-signed certificate, most web browsers display an
untrusted
warning as the self-signed
certificate is not signed by a Certificate Authority (CA) trusted by the operating system. Some secure browser
settings can also block the self-signed SSL certificates. The Server Administrator web GUI requires a CA-signed
certificate for such secure browsers.
• Certificate Maintenance — Allows you to generate a Certificate Signing Request (CSR) containing all the certificate
information about the host required by the CA to automate the creation of a trusted SSL web certificate. You can retrieve the
necessary CSR file either from the instructions on the Certificate Signing Request (CSR) page or by copying the entire text in
the text box on the CSR page and pasting it in the CA submit form. The text must be in the Base64–encoded format.
NOTE: You also have an option to view the certificate information and export the certificate that is being used in the
Base64–encoded format, which can be imported by other web services.
• Import certificate chain — Allows you to import the certificate chain (in PKCS#7 format) signed by a trusted CA. The
certificate can be in DER or Base64-encoded format.
• Import a PKCS12 Keystore — Allows you to import a PKCS#12 keystore that replaces the private key and certificate used in
Server Administrator web server. PKCS#12 is public keystore that contains a private key and the certificate for a web server.
Server Administrator uses the Java KeyStore (JKS) format to store the SSL certificates and its private key. Importing a
PKCS#12 keystore to Server Administrator deletes the keystore entries, and imports a private key and certificate entries to the
Server Administrator JKS.
NOTE: An error message is displayed if you either select an invalid PKCS file or when you type an incorrect
password.
SSL Server Certificates
Server Administrator Web server is configured to use the industry-standard SSL security protocol to transfer encrypted data over a
network. Built on an asymmetric encryption technology, SSL is widely accepted for providing authenticated and encrypted
communication between clients and servers to prevent eavesdropping across a network.
An SSL-enabled system can perform the following tasks:
• Authenticate itself to an SSL-enabled client
34