Users Guide
either from the instructions on the Certificate Signing Request (CSR) page or by copying the entire text in the text box on the CSR
page and pasting it in the CA submit form. The text must be in the Base64–encoded format.
NOTE: You also have an option to view the certificate information and export the certificate that is being used in the
Base64–encoded format, which can be imported by other web services.
• Import certificate chain — Allows you to import the certificate chain (in PKCS#7 format) signed by a trusted CA. The certificate
can be in DER or Base64-encoded format.
• Import a PKCS12 Keystore — Allows you to import a PKCS#12 keystore that replaces the private key and certificate used in Server
Administrator web server. PKCS#12 is public keystore that contains a private key and the certificate for a web server. Server
Administrator uses the Java KeyStore (JKS) format to store the SSL certificates and its private key. Importing a PKCS#12 keystore to
Server Administrator deletes the keystore entries, and imports a private key and certificate entries to the Server Administrator JKS.
NOTE: An error message is displayed if you either select an invalid PKCS file or when you type an incorrect
password.
SSL Server Certificates
Server Administrator Web server is configured to use the industry-standard SSL security protocol to transfer encrypted data over a
network. Built on an asymmetric encryption technology, SSL is widely accepted for providing authenticated and encrypted communication
between clients and servers to prevent eavesdropping across a network.
An SSL-enabled system can perform the following tasks:
• Authenticate itself to an SSL-enabled client
• Allow the two systems to establish an encrypted connection
The encryption process provides a high level of data protection. Server Administrator uses the most secure form of encryption generally
available for Internet browsers in North America.
Server Administrator Web server has a self-signed unique SSL digital certificate by default. You can replace the default SSL certificate
with a certificate signed by a well-known Certificate Authority (CA). A Certificate Authority is a business entity that is recognized in the
Information Technology industry for meeting high standards of reliable screening, identification, and other important security criteria.
Examples of CAs include Thawte and VeriSign. To initiate the process of obtaining a CA-signed certificate, use the Server Administrator
Web interface to generate a Certificate Signing Request (CSR) with your company’s information. Then, submit the generated CSR to a
CA such as VeriSign or Thawte. The CA can be a root CA or an intermediate CA. After you receive the CA-signed SSL certificate, upload
the certificate to Server Administrator.
For each Server Administrator to be trusted by the management station, the SSL certificate of that Server Administrator must be placed
in the certificate store of the management station. After the SSL certificate is installed on the management stations, supported browsers
can access Server Administrator without certificate warnings.
Server Administrator Web Server Action Tabs
The following are the action tabs that are displayed when you log in to manage the Server Administrator web server:
• Properties
• Shutdown
• Logs
• Alert Management
• Session Management
Upgrading web server
CAUTION:
Factory reset is not possible after a web server update. For a factory reset, reinstall the Server
Administrator.
You can upgrade the Apache Tomcat web server, whenever required, using the omwsupdateutility, without affecting the Server
Administrator functionality. The utility allows upgrade to a minor version of web server, but does not support upgrade to a major version.
For example, upgrade from version A.
x to A.y is supported, but not A.x to B.x or B.y. Also, using the utility you can move the version of the
web server to an earlier version, provided it is a minor version. The utility is saved to the following default location during web server
installation:
• On systems running a Windows operating system: C:\Program Files\Dell\SysMgt\omsa\wsupdate
• On systems running a Linux operating system: /opt/dell/srvadmin/lib64/openmanage/wsupdate
Using Server Administrator
33