| Server IP : 78.140.185.180 / Your IP : 3.141.7.31 Web Server : LiteSpeed System : Linux cpanel13.v.fozzy.com 4.18.0-513.11.1.lve.el8.x86_64 #1 SMP Thu Jan 18 16:21:02 UTC 2024 x86_64 User : builderbox ( 1072) PHP Version : 7.3.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /opt/dell/srvadmin/lib64/openmanage/apache-tomcat/webapps/omsa/help/oem/oma/en/ |
Upload File : |
<!-- #include VIRTUAL="/includes/global_format.inc.asp" -->
<html>
<head>
<link rel="stylesheet" type="text/css" href="PG-ID.css">
<meta HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="MS.LOCALE" content="EN">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>X.509 Certificate Management</title>
</head>
<BODY BGCOLOR="#FFFFFF">
<!-- #include VIRTUAL="/includes/global_header.inc.asp" -->
<!-- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -->
<h3><a name="top">X.509 Certificate Management</a></h3>
<p>Use this window to create, import, or reuse a web certificate for Server Administrator.</p>
<h4>User Privileges</h4>
<table border="1" cellpadding="2" width="605">
<tr>
<td align="left" valign="top" width="201" rowspan="2">
<b>Selection</b></td>
<td align="center" valign="top" colspan="2"><b>User Privileges</b></td>
</tr>
<tr>
<td align="center" valign="top" colspan="2"><i>U=User; P=Power User; A=Administrator; NA=Not Applicable</i> </td>
</tr>
<tr>
<td align="left" valign="top" width="201"> </td>
<td align="center" valign="top" width="185"><b>View</b></td>
<td align="center" valign="top" width="191"><b>Manage</b></td>
</tr>
<tr>
<td align="left" valign="top" width="201">
<font size="2">X.509 Certificate Management</font></td>
<td align="center" valign="top" width="185">A</td>
<td align="center" valign="top" width="191">A</td>
</tr>
</table>
<br>
<table id="table4" width="80%" border="0">
<tr>
<td vAlign="top" align="left" width="21">
<img border="0" src="note.gif" width="17" height="17"></td>
<td><span class="notes">NOTE: </span>For more details on user privilege levels, see "<a href="../../oma/en/UserLevels.html">Privilege Levels in the
Server Administrator GUI</a>."</td>
</tr>
</table>
<h4><a name="certificate">X.509 Certificate Management</a></h4>
<p>Web certificates ensure the identity of a remote system and ensure that information
exchanged with the remote system cannot be viewed or changed by others. To ensure
system security for Server Administrator, it is strongly recommended that you either
generate a new X.509 certificate, reuse an existing X.509 certificate, or import a root
certificate or certificate chain from a Certificate Authority (CA).</p>
<p>You can apply for a certificate to authenticate user privileges for access to your
system over a network, or for accessing a storage device attached to your system.</p>
<p>[<a href="#top">Back to Top</a>]</p>
<h5>X.509 Certificate Option Menu</h5>
<table border="0" cellpadding="4" cellspacing="3" width="80%" height="249">
<tr>
<td vAlign="top" width="30%" height="21" align="left"><a
href="#generate_new"><b>Generate a new certificate</b></a></td>
<td vAlign="top" width="70%" height="21" align="left">Use this certificate
generation tool to create a certificate for access to Server Administrator.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><a
href="#reuse_existing_cer"><b>Reuse an existing certificate</b></a></td>
<td vAlign="top" width="375" height="21" align="left">Selects an
existing certificate that your company has title to, and uses this certificate to control
access to Server Administrator.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><a
href="#import_root_cer"><b>Import root certificate</b></a></td>
<td vAlign="top" width="375" height="21" align="left">Allows the user to
import the root certificate, as well as the certificate response (in PKCS#7 format),
received from the trusted certificate authority. Some of the reliable certificate
authorities are Verisign, Thawte, and Entrust. </td>
</tr>
<tr>
<td vAlign="top" width="30%" height="39" align="left"><a
href="#import_cer_chain"><b>Import certificate chain</b></a> </td>
<td vAlign="top" width="375" height="39" align="left">Allows the user to
import the certificate response (in PKCS#7 format) from the trusted certificate authority.
Some of the reliable certificate authorities are Verisign, Thawte, and Entrust.</td>
</tr>
</table>
<h5><a name="generate_new">X.509 Certificate Generation Menu: Generate a New Certificate</a></h5>
<table border="0" cellpadding="4" cellspacing="3" width="80%" height="249">
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Alias</b></td>
<td vAlign="top" width="371" height="21" align="left">An alias is a
shortened, keystore-specific name for an entity that has a certificate in the keystore. A
user can assign any alias name for the public and the private key in the keystore.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Key Generation
Algorithm</b></td>
<td vAlign="top" width="371" height="21" align="left">Describes the
algorithm to be used to generate the certificate. Commonly used algorithms are RSA and
DSA.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Key Size</b></td>
<td vAlign="top" width="371" height="21" align="left">Encryption strength
for your private key. The default value is 1024. </td>
</tr>
<tr>
<td vAlign="top" width="30%" height="39" align="left"><b>Validity Period</b>
</td>
<td vAlign="top" width="371" height="39" align="left">Length of time the
certificate is to be valid, expressed in days.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Common Name (CN)</b></td>
<td vAlign="top" width="371" height="21" align="left">Exact name of the
host or domain to be secured, for example, <i>xyzcompany.com</i>.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Organization (O)</b></td>
<td vAlign="top" width="371" height="21" align="left">Full company name as
it appears in your company's certificate of incorporation, or as it is registered with
your state government.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Organization Unit
(OU)</b></td>
<td vAlign="top" width="371" height="21" align="left">Division of this
company applying for the certificate, for example, <i> E-Commerce Department</i>.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Locality (L)</b></td>
<td vAlign="top" width="371" height="21" align="left">The city or place
name where the organization is registered or incorporated.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>State (ST)</b></td>
<td class="data-area-canvas" vAlign="top" width="371" height="21" align="left">The state or province
where the organization is registered or incorporated. Spell out the name.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Country (C)</b></td>
<td vAlign="top" width="371" height="21" align="left">Two-letter country
code, for example, US for United States and UK for United Kingdom.</td>
</tr>
</table>
<p>[<a href="#top">Back to Top</a>]</p>
<h5><a name="reuse_existing_cer">X.509 Certificate Generation Menu: Reuse an Existing
Certificate</a></h5>
<table border="0" cellpadding="4" cellspacing="3" height="93" width="80%">
<tr>
<td vAlign="top" width="30%" height="27" align="left"><b>Certificates</b></td>
<td vAlign="top" width="70%" height="27" align="left">This is the name of
the X.509 certificate that is currently being used.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="7" align="left"><b>Select
appropriate action</b></td>
<td vAlign="top" width="70%" height="7" align="left"><b>Certificate Signing
Request (CSR)</b>: Use the
information in the existing certificate to build a certificate request.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="7" align="left"></td>
<td vAlign="top" width="70%" height="7" align="left"><b>Display Contents</b>:
Display the contents of the certificate. This option results in an extensive report that
parses the components of the certificate.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="7" align="left"></td>
<td vAlign="top" width="70%" height="7" align="left"><b>Export Certificate
in BASE 64-encoded format</b>: Export
an existing certificate for use by another application.</td>
</tr>
</table>
<p>When you select <b>CSR</b>, Server Administrator makes a .<b>csr</b> file. Server
Administrator displays the path where you can retrieve the .<b>csr</b> file.</p>
<p>Server Administrator also prompts you to copy and save the text of the certificate.</p>
<p>When you select <b>Export</b>, Server Administrator enables you to download the
certificate as a .<b>cer</b> file and save the file to a directory that you select.</p>
<p>[<a href="#top">Back to Top</a>]</p>
<h4>X.509 Self-Signed Certificate Contents</h4>
<p>Values for the following fields are collected at the time that the certificate is first
created:</p>
<table border="0" cellpadding="4" cellspacing="3" width="80%" height="162">
<tr>
<td vAlign="top" width="30%" height="44" align="left"><b>Alias</b></td>
<td vAlign="top" width="70%" height="44" align="left">An alias is a
shortened, keystore-specific name for an entity that has a certificate in the keystore. A
user can assign any alias name for the public and the private key in the keystore.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="26" align="left"><b>Creation Date</b></td>
<td vAlign="top" width="70%" height="26" align="left">Date the existing
certificate was originally created.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="14" align="left"><b>Provider</b></td>
<td vAlign="top" width="70%" height="14" align="left">The default
certificate provider is the Sun Microsystems security provider. Sun has one certificate
factory that works with certificates of type X509. </td>
</tr>
<tr>
<td vAlign="top" width="30%" height="30" align="left"><b>Certificate Chain</b>
</td>
<td vAlign="top" width="70%" height="30" align="left">Complete certificate
which has the root certificate as well as the response associated with it.</td>
</tr>
</table>
<h5>Chain Element 1:</h5>
<p>If a user views the certificate contents and finds
"Chain Element 1:” but not "Chain Element 2:" in the description,
the
existing certificate is a self-signed certificate. If the certificate contents refer
to "Chain Element 2:," the certificate has one or more CAs associated with it.</p>
<table border="0" cellpadding="4" cellspacing="3" height="616" width="80%">
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Attribute</b></td>
<td vAlign="top" width="70%" height="21" align="left"><b>Certificate Value</b></td>
</tr>
<tr>
<td vAlign="top" width="30%" height="20" align="left"><b>Type</b></td>
<td vAlign="top" width="70%" height="20" align="left">X.509.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Version</b></td>
<td vAlign="top" width="70%" height="21" align="left">Version of
X.509. </td>
</tr>
<tr>
<td vAlign="top" width="30%" height="56" align="left"><b>IsValid</b></td>
<td vAlign="top" width="70%" height="56" align="left">Whether Server
Administrator considers the certificate to be valid (Yes or No).</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="36" align="left"><b>Subject</b></td>
<td vAlign="top" width="70%" height="36" align="left">Name of the entity
for whom the certificate has been issued. This entity is referred to as the subject of the
certificate.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="27" align="left"><b>Issuer</b></td>
<td vAlign="top" width="70%" height="27" align="left">Name of the
certificate authority who signed the certificate.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Valid From</b></td>
<td vAlign="top" width="70%" height="21" align="left">First date the
certificate is good for first use.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Valid To</b></td>
<td vAlign="top" width="70%" height="21" align="left">Last date the
certificate is good for use.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Serial Number</b></td>
<td vAlign="top" width="70%" height="21" align="left">Unique number that
identifies this certificate.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="1" align="left"><b>Public Key</b></td>
<td vAlign="top" width="70%" height="1" align="left">Public Key of the
certificate, that is, the key that belongs to the subject the certificate vouches for.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="18" align="left"><b>Public Key
Algorithm</b></td>
<td vAlign="top" width="70%" height="18" align="left">RSA or DSA.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Key Usage</b></td>
<td vAlign="top" width="70%" height="21" align="left">Key usage extension,
which defines the purpose of the key. You can use a key for digital signing, key
agreement, certificate signing, and more. The key usage is an extension to the X.509
specification and need not be present in all X.509 certificates.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Signature</b></td>
<td vAlign="top" width="70%" height="21" align="left">Certificate
authority's identifying digest that confers validity on a certificate.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Signature
Algorithm Name</b></td>
<td vAlign="top" width="70%" height="21" align="left">Algorithm used to
generate the signature.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Signature
Algorithm OID</b></td>
<td vAlign="top" width="70%" height="21" align="left">Object ID of the
signature algorithm.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Signature
Algorithm Parameters</b></td>
<td vAlign="top" width="70%" height="21" align="left">Algorithm used to
generate the signature that uses the TBS certificate as input.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>TBS Certificate</b></td>
<td vAlign="top" width="70%" height="21" align="left">Body of the actual
certificate. It contains all the naming and the key information held in the certificate.
The TBS certificate is used as an input data to the signature algorithm when the
certificate is signed or verified.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Basic Constraints</b></td>
<td vAlign="top" width="70%" height="21" align="left">An X.509 certificate
may contain an optional extension that identifies whether the subject of the certificate
is a certificate authority (CA). If the subject is a CA, this extension returns the number
of certificates that may follow this certificate in a certification chain.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Subject Unique ID</b></td>
<td vAlign="top" width="70%" height="21" align="left">String that
identifies the applicant for the certificate.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Issuer Unique ID</b></td>
<td vAlign="top" width="70%" height="21" align="left">String that
identifies the issuer of the certificate.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>MD5 Fingerprints</b></td>
<td vAlign="top" width="70%" height="21" align="left">Digital signature
algorithm that verifies data integrity by creating a 128-bit <i>message digest</i> or
fingerprint. The fingerprint is as unique to the input data as a person's fingerprint is
to only one individual person.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>SHA1 Fingerprints</b></td>
<td vAlign="top" width="70%" height="21" align="left">Secure hashing
algorithm, a cryptographic message digest algorithm used to verify data integrity by
making replication of the digest or fingerprint "computationally expensive,"
that is, not worth the effort.</td>
</tr>
<tr>
<td vAlign="top" width="30%" height="21" align="left"><b>Encoded
Certificate</b></td>
<td vAlign="top" width="70%" height="21" align="left">Content of the
certificate in binary form.</td>
</tr>
</table>
<p>[<a href="#top">Back to Top</a>]</p>
<h5><a name="import_root_cer">CA Root Certificate Import: Import root certificate</a></h5>
<p>You can import a root certificate that you receive from a CA. Perform the following
steps:
<ol>
<li><p>Select the root certificate that you want to import and click <b>Update and Proceed</b>.
</p></li>
<li><p>Select the certificate response (in the PKCS #7 format, received from the CA) and click <b>Import</b>.</p></li>
</ol>
<h5><a name="import_cer_chain">Certificate Import: Import certificate chain</a></h5>
<p>To import a certificate chain that you obtain from a CA:
<ol>
<li><p>Type the name of the certificate file you want to import, or click <b>Browse</b> to
search for the file. </p></li>
<li><p>Select the file and click <b>Import</b>.</p></li>
</ol>
<p>[<a href="#top">Back to Top</a>]</p>
<h4>Other Window Controls</h4>
<table cellSpacing="3" cellPadding="4" width="80%" border="0">
<tbody>
<tr>
<td vAlign="top" align="left" width="30%"><b>Print</b></td>
<td vAlign="top" align="left" width="70%">Prints a copy of the open window to your default printer.</strong></td>
</tr>
<tr>
<td vAlign="top" align="left" width="30%"><b>Email</b></td>
<td vAlign="top" align="left" width="70%">E-mails the contents of this
window to your designated recipient. See the <em>Server Administrator
User's Guide</em> for instructions about configuring your Simple Mail
Transfer Protocol (SMTP) server.</td>
</tr>
<tr>
<td vAlign="top" align="left" width="165" height="19"><b>Next</b></td>
<td vAlign="top" align="left" width="400" height="19">Go to the next task.</td>
</tr>
</tbody>
</table>
<p>[<a href="#top">Back to Top</a>]</p>
<p> </p>
<!-- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -->
<!-- #include VIRTUAL="/includes/global_footer.inc.asp" -->
</body>
</html>