
Enterprise Server Installation and Migration Guide 75
Appendix C
Certificates
Create a Self-Signed Certificate and Generate a Certificate Signing Request
This section details the steps to create a self-signed certificate for the Java-based components. This process cannot be used to
create a self-signed certificate for .NET-based components.
We recommend a self-signed certificate only in a non-production environment.
If your organization requires an SSL server certificate, or you need to create a certificate for other reasons, this section describes
the process to create a Java keystore using Keytool.
If your organization plans to use smart cards for authentication, you will need to use Keytool to import the full certificate chain of
trust that is used in the smart card user's certificate.
Keytool creates private keys and the Certificate Signing Request (CSR) that is passed to a Certificate Authority (CA),
such as VeriSign® or Entrust®. The CA will then, based on this CSR, create a server certificate that it signs. The server certificate
is then downloaded to a file along with the signing authority certificate. The certificates are then imported into the cacerts file.
Generate a New Key Pair and a Self-Signed Certificate
1. Navigate to the conf directory of Dell Compliance Reporter, Dell Console Web Services, Dell Security Server, or Dell Device
   Server.
2. Back up the default certificate database:
   Click Start > Run, and type move cacerts cacerts.old.
3. Add Keytool to the system path. Type the following command in a command prompt:
   set path=%path%;<Dell Java Install Dir>\bin
4. To generate a certificate, run Keytool as shown:
   keytool -genkey -keyalg RSA -sigalg SHA1withRSA -alias Dell -keystore .\cacerts
5. Enter the following information as Keytool prompts for it.
NOTE: Back up configuration files before editing them. Only change the specified parameters. Changing other data in
these files, including tags, can cause system corruption and failure. Dell cannot guarantee that problems
resulting from unauthorized changes to these files can be solved without reinstalling the Dell Enterprise
Server.
• Keystore password: Enter a password (unsupported characters are <>;&” ’), and set the variable in the component conf
  file to the same value, as follows:
  <Compliance Reporter install dir>\conf\eserver.properties. Set the value eserver.keystore.password =
  <Console Web Services install dir>\conf\eserver.properties. Set the value eserver.keystore.password =
  <Device Server install dir>\conf\eserver.properties. Set the value eserver.keystore.password =
  <Security Server install dir>\conf\eserver.properties. Set the value eserver.keystore.password =
• Fully Qualified Server Name: Enter the fully qualified name of the server where the component you are working with is
  installed. This fully qualified name includes the host name and the domain name (example, server.domain.com).
• Organizational unit: Enter the appropriate value (example, Security).
• Organization: Enter the appropriate value (example, Dell).
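A check that can follow the prompts above, added here as an example and not part of the Dell guide: it reviews the text printed by keytool -list -v for the new entry. The sample output is constructed, and the function names and the SHA-1 and 2048-bit thresholds are this example's assumptions.

```python
import re

# Constructed sample of `keytool -list -v -alias Dell -keystore .\cacerts` output,
# using the example values from the prompts above (not captured from a real server).
SAMPLE_OUTPUT = """\
Alias name: dell
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server.domain.com, OU=Security, O=Dell
Issuer: CN=server.domain.com, OU=Security, O=Dell
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
"""

def parse_entry(text):
    """Collect the 'Field: value' lines of one keytool -list -v entry."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            fields.setdefault(key, value)  # first hit wins: the leaf certificate
    return fields

def common_name(dn):
    """Extract the CN component from a distinguished name string."""
    m = re.search(r"(?:^|,\s*)CN=([^,]+)", dn)
    return m.group(1).strip() if m else None

def review_entry(text, expected_fqdn):
    """Return findings for the entry; an empty list means nothing was flagged."""
    f = parse_entry(text)
    findings = []
    cn = common_name(f.get("Owner", ""))
    if cn is None or cn.lower() != expected_fqdn.lower():
        findings.append(f"CN {cn!r} does not match server name {expected_fqdn!r}")
    if f.get("Owner") and f.get("Owner") == f.get("Issuer"):
        findings.append("self-signed (Owner equals Issuer): non-production only")
    sig = f.get("Signature algorithm name", "")
    if sig.upper().startswith(("SHA1", "MD5", "MD2")):
        findings.append(f"weak signature algorithm: {sig}")
    m = re.match(r"(\d+)-bit RSA", f.get("Subject Public Key Algorithm", ""))
    if m and int(m.group(1)) < 2048:
        findings.append(f"RSA key shorter than 2048 bits: {m.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in review_entry(SAMPLE_OUTPUT, "server.domain.com"):
        print("FINDING:", finding)
```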