Users Guide
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
NOTE: If an incorrect cipher value is set and the connection service fails to start, use the CLI command prompt or
manually set the valid ciphers and restart the connection service.
NOTE: Upgrading to the Server Administrator 9.1 will not retain the existing web server cipher settings due to
security reasons.
• The SSL Protocols field allows you to set from the web server listed SSL protocols to establish an HTTPS connection. The
possible values are: TLSv1.1, TLSv1.2 , and (TLSv1.1, TLSv1.2) . By default, the value of SSL protocol is set to
(TLSv1.1, TLSv1.2). The changes take effect after web server restart.
NOTE: If the protocol is not supported by default configurations, enable the SSL Protocol from the browser
settings.
• Key Signing Algorithm (For Self-Signed Certificate) — Allows you to select a supported signing algorithm. If you select
either SHA 512 or SHA 256, ensure that your operating system/browser supports this algorithm. If you select one of these
options without the requisite operating system/browser support, Server Administrator displays a cannot display the
webpage error. This field is meant only for Server Administrator autogenerated self-signed certificates. The drop-down list is
grayed out if you import or generate new certificates into Server Administrator.
• The Java Runtime Environment — Allows you to select the one of the following options:
• Bundled JRE — Enables use of the JRE provided along with the System Administrator.
• System JRE — Enables use of the JRE installed on the system. Select the required version from the drop-down list.
NOTE:
Server Administrator does not recommend the upgrade to major versions of Java Runtime Environment
(JRE), it is limited to the security patch and minor JRE versions. For more details, see the release notes of Server
Administrator (packaged with Server Administrator application) or at dell.com/openmanagemanuals.
NOTE: If the JRE does not exist on the system on which Server Administrator is running, the JRE provided with
the Server Administrator is used.
4. When you finish setting options in the Server Preferences window, click Apply.
NOTE:
You must restart the Server Administrator web server for the changes to take effect.
X.509 Certificate Management
NOTE:
You must be logged in with Administrator privileges to perform certificate management.
Web certificates are necessary to ensure the identity of a remote system and ensure that information exchanged with the remote system
are not viewed or changed by others. To ensure system security, it is recommended that:
• You generate a new X.509 certificate, reuse an existing X.509 certificate or import a certificate chain from a Certification Authority
(CA).
• All systems that have Server Administrator installed have unique host names.
To manage X.509 certificates through the Preferences home page, click General Settings, click the Web Server tab, and click X.509
Certificate.
The following are the available options:
• Generate a new certificate — Generates a new self-signed certificate used for SSL communication between the server running
Server Administrator and the browser.
NOTE:
When using a self-signed certificate, most web browsers display an
untrusted
warning as the self-signed
certificate is not signed by a Certificate Authority (CA) trusted by the operating system. Some secure browser
settings can also block the self-signed SSL certificates. The Server Administrator web GUI requires a CA-signed
certificate for such secure browsers.
• Certificate Maintenance — Allows you to generate a Certificate Signing Request (CSR) containing all the certificate information
about the host required by the CA to automate the creation of a trusted SSL web certificate. You can retrieve the necessary CSR file
32
Using Server Administrator