Users Guide

All systems that have Server Administrator installed have unique host names.
To manage X.509 certicates through the Preferences home page, click General Settings, click the Web Server tab, and click X.509
Certicate.
The following are the available options:
Generate a new certicate — Generates a new self-signed certicate used for SSL communication between the server running
Server Administrator and the browser.
NOTE: When using a self-signed certicate, most web browsers display an
untrusted
warning as the self-signed certicate is
not signed by a Certicate Authority (CA) trusted by the operating system. Some secure browser settings can also block the
self-signed SSL certicates. The Server Administrator web GUI requires a CA-signed certicate for such secure browsers.
Certicate Maintenance — Allows you to generate a Certicate Signing Request (CSR) containing all the certicate information about
the host required by the CA to automate the creation of a trusted SSL web certicate. You can retrieve the necessary CSR le either
from the instructions on the Certicate Signing Request (CSR) page or by copying the entire text in the text box on the CSR page and
pasting it in the CA submit form. The text must be in the Base64–encoded format.
NOTE: You also have an option to view the certicate information and export the certicate that is being used in the Base64–
encoded format, which can be imported by other web services.
Import certicate chain — Allows you to import the certicate chain (in PKCS#7 format) signed by a trusted CA. The certicate can
be in DER or Base64-encoded format.
Import a PKCS12 Keystore — Allows you to import a PKCS#12 keystore that replaces the private key and certicate used in Server
Administrator web server. PKCS#12 is public keystore that contains a private key and the certicate for a web server. Server
Administrator uses the Java KeyStore (JKS) format to store the SSL certicates and its private key. Importing a PKCS#12 keystore to
Server Administrator deletes the keystore entries, and imports a private key and certicate entries to the Server Administrator JKS.
NOTE
: An error message is displayed if you either select an invalid PKCS le or when you type an incorrect
password.
SSL Server Certicates
Server Administrator Web server is congured to use the industry-standard SSL security protocol to transfer encrypted data over a
network. Built on an asymmetric encryption technology, SSL is widely accepted for providing authenticated and encrypted communication
between clients and servers to prevent eavesdropping across a network.
An SSL-enabled system can perform the following tasks:
Authenticate itself to an SSL-enabled client
Allow the two systems to establish an encrypted connection
The encryption process provides a high level of data protection. Server Administrator uses the most secure form of encryption generally
available for Internet browsers in North America.
Server Administrator Web server has a self-signed unique SSL digital certicate by default. You can replace the default SSL certicate with
a certicate signed by a well-known Certicate Authority (CA). A Certicate Authority is a business entity that is recognized in the
Information Technology industry for meeting high standards of reliable screening, identication, and other important security criteria.
Examples of CAs include Thawte and VeriSign. To initiate the process of obtaining a CA-signed certicate, use the Server Administrator
Web interface to generate a Certicate Signing Request (CSR) with your company’s information. Then, submit the generated CSR to a CA
such as VeriSign or Thawte. The CA can be a root CA or an intermediate CA. After you receive the CA-signed SSL certicate, upload the
certicate to Server Administrator.
For each Server Administrator to be trusted by the management station, the SSL certicate of that Server Administrator must be placed in
the certicate store of the management station. After the SSL certicate is installed on the management stations, supported browsers can
access Server Administrator without certicate warnings.
Using Server Administrator
37