Users Guide

ManualsBrandsDell ManualsActive System ManagerOpenManage Server Administrator Version 9.0.1

• All systems that have Server Administrator installed have unique host names.

To manage X.509 certicates through the Preferences home page, click General Settings, click the Web Server tab, and click X.

509 Certicate.

The following are the available options:

• Generate a new certicate — Generates a new self-signed certicate used for SSL communication between the server running

Server Administrator and the browser.

NOTE: When using a self-signed certicate, most web browsers display an

untrusted

warning as the self-signed

certicate is not signed by a Certicate Authority (CA) trusted by the operating system. Some secure browser

settings can also block the self-signed SSL certicates. The Server Administrator web GUI requires a CA-signed

certicate for such secure browsers.

• Certicate Maintenance — Allows you to generate a Certicate Signing Request (CSR) containing all the certicate information

about the host required by the CA to automate the creation of a trusted SSL web certicate. You can retrieve the necessary

CSR le either from the instructions on the Certicate Signing Request (CSR) page or by copying the entire text in the text box

on the CSR page and pasting it in the CA submit form. The text must be in the Base64–encoded format.

NOTE: You also have an option to view the certicate information and export the certicate that is being used in the

Base64–encoded format, which can be imported by other web services.

• Import certicate chain — Allows you to import the certicate chain (in PKCS#7 format) signed by a trusted CA. The

certicate can be in DER or Base64-encoded format.

• Import a PKCS12 Keystore — Allows you to import a PKCS#12 keystore that replaces the private key and certicate used in

Server Administrator web server. PKCS#12 is public keystore that contains a private key and the certicate for a web server.

Server Administrator uses the Java KeyStore (JKS) format to store the SSL certicates and its private key. Importing a PKCS#12

keystore to Server Administrator deletes the keystore entries, and imports a private key and certicate entries to the Server

Administrator JKS.

NOTE: An error message is displayed if you either select an invalid PKCS le or when you type an incorrect password.

SSL 服务器证书

Server Administrator Web 服务器配置为使用行业标准的 SSL 安全协议通过网络来传输加密数据。SSL 建立在非对称加密技术基

础之上，是一种广泛接受的加密技术，用于在客户端与服务器之间提供经过验证和加密的通信，防止遭到网络上的窃听。

启用 SSL 的系统可以执行下列任务：

• 向启用 SSL 的客户端验证自身

• 允许两个系统建立加密的连接

加密过程提供高级别数据保护。Server Administrator 使用了北美地区常见互联网浏览器中提供的最安全加密方式。

默认情况下，Server Administrator Web 服务器包含自签名的唯一 SSL 数字证书。您可以用知名证书颁发机构 (CA) 签名的证书

替换默认的

SSL 证书。证书颁发机构是一个企业实体，在信息技术行业中满足高标准的可靠筛选、标识和其他重要安全标准。

CA 的示例包括 Thawte 和 VeriSign。要启动用于获取 CA 签名证书的过程，请使用 Server Administrator Web 界面生成包含您公

司信息的证书签名请求 (CSR)。然后，将生成的 CSR 提交给 CA，例如 VeriSign 或 Thawte。CA 可以是根 CA 或中间 CA。在收

到

CA 签名的 SSL 证书后，将其上载到 Server Administrator。

对于每个得到管理站信任的 Server Administrator，其 SSL 证书必须放在管理站的证书库中。在管理站上安装了 SSL 证书后，支

持的浏览器可以访问

Server Administrator 而不会显示证书警告。

Server Administrator Web Server 操作选项卡

以下为登录以管理 Server Administrator Web 服务器时显示的操作选项卡：

• 属性

• 关机

• 日志

• 警报管理

• 会话管理