Dell Data Protection | Encryption Manual de usuario descargar pdf (Pagina 76)

76 Enterprise Server Installation and Migration Guide

•

City or locality

: Enter the appropriate value (example, Dallas).

•

State or province

: Enter the unabbreviated state or province name (example, Texas).

• Two-letter country code.

• The utility prompts for confirmation that the information is correct. If so, type

yes

If not, type

. The Keytool displays each value entered previously. Click

Enter

to accept the value or change the value and

click

Enter

–

Key password for alias

: If you do not enter another password here, this password defaults to the Keystore password.

Request a Signed Certificate from a Certificate Authority

Use this procedure to generate a Certificate Signing Request (CSR) for the self-signed certificate created in

Generate a New Key

Pair and a Self-Signed Certificate

Substitute the same value used previously for <

certificatealias

keytool -certreq -sigalg SHA1withRSA -alias <certificate-alias> -keystore .\cacerts -file

<csr-filename>

For example,

keytool -certreq -sigalg SHA1withRSA -alias sslkey -keystore .\cacerts -file

Dell.csr

The .csr file will contain a BEGIN/END pair that will be used during the creation of the certificate on the CA.

Follow your organizational process for acquiring an SSL server certificate from a Certificate Authority. Send the contents of the

<csr-filename> for signing.

NOTE: There are several methods to request a valid certificate. An example method is shown in

Example Method to

Request a Certificate

When the signed certificate is received, store it in a file.

As a best practice, back up this certificate in case an error occurs during the import process. This backup will prevent having to

start the process over.

Import a Root Certificate

If the root certificate Certificate Authority is Verisign (but not Verisign Test), skip to the next procedure and import the signed

certificate.

The Certificate Authority root certificate validates signed certificates.

one

of the following:

• Download the Certificate Authority root certificate, and store it in a file.

• Obtain the enterprise directory server root certificate.

one

of the following:

• If you are enabling SSL for Dell Compliance Reporter, Dell Console Web Services, Dell Security Server, or Dell Device

Server, change to the component

conf

directory.

• If you are enabling SSL between the Dell Enterprise Server and the enterprise directory server, change to <

Dell install

dir>\Java Runtimes\jre1.x.x_xx\lib\security

(the default password for JRE cacerts is

changeit

Run Keytool as follows to install the root certificate:

keytool -import -trustcacerts -alias <ca-cert-alias> -keystore .\cacerts -file

<ca-cert-filename>

For example,

keytool -import -alias Entrust -keystore .\cacerts -file .\Entrust.cer

Example Method to Request a Certificate

An example method to request a certificate is to use a web browser to access the Microsoft CA Server, which will be set up

internally by your organization.

Navigate to the Microsoft CA Server. The IP address will be supplied by your organization.

Select

Request a certificate

and click

1 2 ... 71 72 73 74 75 76 77 78 79 80

Comentarios a estos manuales

Sin comentarios

Dell Data Protection | Encryption Manual de usuario Pagina 76

Comentarios a estos manuales

Relacionado con productos y manuales para Software de base de Dell Data Protection | Encryption