Lenovo RD220 User Guide - Page 49
Enabling SSL for the secure Web server, SSL client certificate management, Import a Signed Certificate
UPC - 884942047961
View all Lenovo RD220 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 49 highlights
openssl req -in csr.der -inform DER -out csr.pem -outform PEM 7. Send the certificate-signing request to your certificate authority. When the certificate authority returns your signed certificate, you might have to convert the certificate to DER format. (If you received the certificate as text in an e-mail or a Web page, it is probably in PEM format.) You can change the format using a tool that is provided by your certificate authority or using a tool such as OpenSSL (http://www.openssl.org). The command for converting a certificate from PEM to DER format is similar to the following example: openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER Go to step 8 after the signed certificate is returned from the certificate authority. 8. In the navigation pane, click Security. Scroll to the SSL Server Certificate Management area. 9. Click Import a Signed Certificate. 10. Click Browse. 11. Click the certificate file that you want and then click Open. The file name (including the full path) is displayed in the field next to the Browse button. 12. Click Import Server Certificate to begin the process. A progress indicator is displayed as the file is transferred to storage on the IMM. Continue to display this page until the transfer is completed. Enabling SSL for the secure Web server Note: To enable SSL, a valid SSL certificate must be installed. Complete the following steps to enable the secure Web server: 1. In the navigation pane, click Security. The page that is displayed shows that a valid SSL server certificate is installed. If the SSL server certificate status does not show that a valid SSL certificate is installed, go to "SSL server certificate management" on page 40. 2. Scroll to the SSL Server Configuration for Web Server area, select Enabled in the SSL Client field, and then click Save. The selected value takes effect the next time the IMM is restarted. SSL client certificate management The SSL client requires that a valid certificate and corresponding private encryption key be installed before SSL is enabled. Two methods are available for generating the private key and required certificate: using a self-signed certificate, or using a certificate signed by a certificate authority. The procedure for generating the private encryption key and certificate for the SSL client is the same as the procedure for the SSL server, except that you use the SSL Client Certificate Management area of the Security Web page instead of the SSL Server Certificate Management area. If you want to use a self-signed certificate for the SSL client, see "Generating a self-signed certificate" on page 40. If you want to use a certificate authority signed certificate for the SSL client, see "Generating a certificate-signing request" on page 40. SSL client trusted certificate management The secure SSL client (LDAP client) uses trusted certificates to positively identify the LDAP server. A trusted certificate can be the certificate of the certificate authority that signed the certificate of the LDAP server, or it can be the actual Chapter 3. Configuring the IMM 43