Users Guide
• All systems that have Server Administrator installed have unique host names.
To manage X.509 certicates through the Preferences home page, click General Settings, click the Web Server tab, and click X.509
Certicate.
The following are the available options:
• Generate a new certicate — Generates a new self-signed certicate used for SSL communication between the server running
Server Administrator and the browser.
NOTE: When using a self-signed certicate, most web browsers display an
untrusted
warning as the self-signed certicate is
not signed by a Certicate Authority (CA) trusted by the operating system. Some secure browser settings can also block the
self-signed SSL certicates. The Server Administrator web GUI requires a CA-signed certicate for such secure browsers.
• Certicate Maintenance — Allows you to generate a Certicate Signing Request (CSR) containing all the certicate information about
the host required by the CA to automate the creation of a trusted SSL web certicate. You can retrieve the necessary CSR le either
from the instructions on the Certicate Signing Request (CSR) page or by copying the entire text in the text box on the CSR page and
pasting it in the CA submit form. The text must be in the Base64–encoded format.
NOTE: You also have an option to view the certicate information and export the certicate that is being used in the Base64–
encoded format, which can be imported by other web services.
• Import certicate chain — Allows you to import the certicate chain (in PKCS#7 format) signed by a trusted CA. The certicate can
be in DER or Base64-encoded format.
• Import a PKCS12 Keystore — Allows you to import a PKCS#12 keystore that replaces the private key and certicate used in Server
Administrator web server. PKCS#12 is public keystore that contains a private key and the certicate for a web server. Server
Administrator uses the Java KeyStore (JKS) format to store the SSL certicates and its private key. Importing a PKCS#12 keystore to
Server Administrator deletes the keystore entries, and imports a private key and certicate entries to the Server Administrator JKS.
NOTE
: An error message is displayed if you either select an invalid PKCS le or when you type an incorrect
password.
SSL Server Certicates
Server Administrator Web server is congured to use the industry-standard SSL security protocol to transfer encrypted data over a
network. Built on an asymmetric encryption technology, SSL is widely accepted for providing authenticated and encrypted communication
between clients and servers to prevent eavesdropping across a network.
An SSL-enabled system can perform the following tasks:
• Authenticate itself to an SSL-enabled client
• Allow the two systems to establish an encrypted connection
The encryption process provides a high level of data protection. Server Administrator uses the most secure form of encryption generally
available for Internet browsers in North America.
Server Administrator Web server has a self-signed unique SSL digital certicate by default. You can replace the default SSL certicate with
a certicate signed by a well-known Certicate Authority (CA). A Certicate Authority is a business entity that is recognized in the
Information Technology industry for meeting high standards of reliable screening, identication, and other important security criteria.
Examples of CAs include Thawte and VeriSign. To initiate the process of obtaining a CA-signed certicate, use the Server Administrator
Web interface to generate a Certicate Signing Request (CSR) with your company’s information. Then, submit the generated CSR to a CA
such as VeriSign or Thawte. The CA can be a root CA or an intermediate CA. After you receive the CA-signed SSL certicate, upload the
certicate to Server Administrator.
For each Server Administrator to be trusted by the management station, the SSL certicate of that Server Administrator must be placed in
the certicate store of the management station. After the SSL certicate is installed on the management stations, supported browsers can
access Server Administrator without certicate warnings.
Using Server Administrator
37