Home » HP Manuals » Desktops » HP t420 » Manual Viewer

HP t420 Administrator Guide 8 - Page 63

Certificates, Certificate Manager, SCEP Manager

Add to My Manuals
Save this manual to your list of manuals

Page 63 highlights

the secret is displayed in plain text as long as the mouse button is held down. As soon as the button is released, the secret is again obscured. Use domain text entry: If enabled, a separate Domain input field is provided for the domain name where applicable. If disabled, the domain is determined by the value entered in the User field instead. For instance, if the User field contains "mike@mycorp", the domain is assumed to be "mycorp". If the user field is "graycorp \mary", the domain is assumed to be "graycorp". Allow administrators to override screen lock: If enabled, you can override a locked screen and return it to the login screen or ThinPro desktop, just as if the user had manually logged out of the thin client. Certificates NOTE: For more information about using certificates in Linux, go to https://www.openssl.org/docs/. Certificate Manager To open Certificate Manager: ▲ Select Security and then select Certificates in Control Panel. Use Certificate Manager to manually install a certificate from a certificate authority (CA). This action copies the certificate to the user's local certificate store (/usr/local/share/ca-certificates) and configures OpenSSL to use the certificate for connection verification. If desired, use Profile Editor to attach the certificate to a profile, as described in Adding certificates to a client profile on page 68. NOTE: Generally, a self-signed certificate will work as long as it is valid according to specification and can be verified by OpenSSL. SCEP Manager To open the SCEP Manager: ▲ Select Security and then select SCEP Manager in Control Panel. Use the SCEP Manager when you need to enroll or renew client-side certificates from a CA. During an enrollment or renewal, the SCEP Manager generates the thin client's private key and certificate request, and then it sends the request to the CA on the SCEP server. When the CA issues the certificate, the certificate is returned and placed in the thin client's certificate store. OpenSSL uses the certificate for connection verification. NOTE: Before enrollment, make sure that the SCEP server is configured properly. Use the Identifying tab of the SCEP Manager to enter information about the user, if desired. NOTE: The Common Name is required and is the thin client's Fully Qualified Domain Name (FQDN) by default. The other information is all optional. The Country or Region is entered as two letters, such as US for the United States and CN for China. Use the Servers tab of the SCEP Manager to add SCEP servers and enroll or renew certificates. TIP: When entering a new SCEP server, save the server information first, and then use the Settings button to go back and do an enrollment. Security 51

Section	Page
Getting started	13
Finding more information	13
Choosing an OS configuration	14
Choosing a remote management service	15
Starting the thin client for the first time	15
Switching between administrator mode and user mode	15
GUI overview	16
Desktop	16
Taskbar	17
Connection configuration	18
Desktop connection management	18
Connection Manager (ThinPro only)	19
Advanced connection settings	19
Kiosk mode	20
Connection types	22
Citrix	22
Citrix Connection Manager	22
Connection	22
Configuration	23
General Settings	24
Options	24
Local Resources	25
Window	25
Firewall	26
Keyboard Shortcuts	26
Session	27
Advanced	27
RDP	27
RDP per-connection settings	27
Network	27
Service	28
Window	29
Options	29
Local Resources	30
Experience	31
Diagnostics	31
Advanced	32
RemoteFX	32
RDP multi-monitor sessions	32
RDP multimedia redirection	33
RDP device redirection	33
RDP USB redirection	33
RDP mass storage redirection	33
RDP printer redirection	34
RDP audio redirection	34
RDP smart card redirection	35
VMware Horizon View	35
VMware Horizon View per-connection settings	35
Network	35
General	36
Security	37
RDP Options	37
RDP Experience	38
Advanced	39
VMware Horizon View multi-monitor sessions	39
VMware Horizon View keyboard shortcuts	39
VMware Horizon View device redirection	40
VMware Horizon View USB redirection	40
VMware Horizon View audio redirection	40
VMware Horizon View smart card redirection	40
VMware Horizon View webcam redirection	41
Changing the VMware Horizon View protocol	41
VMware Horizon View HTTPS and certificate management requirements	41
Web Browser	42
Web Browser per-connection settings	42
Configuration	43
Preferences	43
Advanced	43
Additional connection types (ThinPro only)	43
TeemTalk	43
Configuration	43
TeemTalk Session Wizard	44
Advanced	45
XDMCP	45
Configuration	45
Advanced	45
Secure Shell	45
Configuration	46
Advanced	46
Telnet	46
Configuration	46
Advanced	47
Custom	47
Configuration	47
Advanced	47
HP True Graphics	48
Server-side requirements	48
Client-side requirements	48
Client-side configuration	48
Compression settings	48
Window settings	49
Monitor layout and hardware limitations	49
Enabling HP True Graphics for multiple monitors on the HP t420	49
Tips & best practices	50
Active Directory integration	51
Login screen	51
Single sign-on	51
Desktop	51
Screen lock	52
Administrator mode	52
Settings and the domain user	52
Start menu	53
Connection management	53
Switch to Administrator/Switch to User	53
System Information	53
Control Panel	53
Tools	53
Power	54
Search	54
Control Panel	55
System	55
Network settings	55
Wired network settings	56
Wireless network settings	56
DNS settings	58
IPSec rules	59
Configuring VPN settings	59
Configuring HP Velocity	59
DHCP options	60
Component Manager	60
Removing components	60
Undoing a change	61
Applying the changes permanently	61
Security	61
Security settings	61
Local Accounts	62
Encryption	62
Options	62
Certificates	63
Certificate Manager	63
SCEP Manager	63
Manageability	64
Active Directory configuration	64
Status tab	64
Options tab	65
HP ThinState	65
Managing an HP ThinPro image	65
Capturing an HP ThinPro image to an FTP server	65
Deploying an HP ThinPro image using FTP or HTTP	66
Capturing an HP ThinPro image to a USB flash drive	66
Deploying an HP ThinPro image with a USB flash drive	67
Managing a client profile	67
Saving a client profile to an FTP server	67
Restoring a client profile using FTP or HTTP	67
Saving a client profile to a USB flash drive	68
Restoring a client profile from a USB flash drive	68
VNC Shadowing	68
Input Devices	69
Hardware	69
Display preferences	70
Redirecting USB devices	70
Configuring printers	71
Appearance	71
Customization Center	72
System Information	73
HP Smart Client Services	74
Supported operating systems	74
Prerequisites for HP Smart Client Services	74
Obtaining HP Smart Client Services	74
Viewing the Automatic Update website	75
Creating an Automatic Update profile	75
MAC-address-specific profiles	75
Updating thin clients	76
Using the broadcast update method	76
Using the DHCP tag update method	76
Example of performing DHCP tagging	76
Using the DNS alias update method	77
Using the manual update method	77
Performing a manual update	77
Profile Editor	78
Opening Profile Editor	78
Loading a client profile	78
Client profile customization	78
Selecting the platform for a client profile	78
Configuring a default connection for a client profile	79
Modifying the registry settings of a client profile	79
Adding files to a client profile	79
Adding a configuration file to a client profile	79
Adding certificates to a client profile	80
Adding a symbolic link to a client profile	80
Saving the client profile	80
Serial or parallel printer configuration	81
Obtaining the printer settings	81
Setting up printer ports	81
Installing printers on the server	81
Troubleshooting	83
Troubleshooting network connectivity	83
Troubleshooting Citrix password expiration	83
Using system diagnostics to troubleshoot	83
Saving system diagnostic data	84
Uncompressing the system diagnostic files	84
Uncompressing the system diagnostic files on Windows-based systems	84
Uncompressing the system diagnostic files in Linux- or Unix-based systems	84
Viewing the system diagnostic files	84
Viewing files in the Commands folder	84
Viewing files in the /var/log folder	85
Viewing files in the /etc folder	85
USB updates	86
HP ThinUpdate	86
BIOS tools (desktop thin clients only)	87
BIOS settings tool	87
BIOS flashing tool	87
Resizing the flash drive partition	88
Registry keys	89
Audio	89
CertMgr	90
ComponentMgr	90
ConnectionManager	90
ConnectionType	91
custom	91
firefox	94
freerdp	98
ssh	108
teemtalk	112
telnet	115
view	119
xdmcp	127
xen	131
DHCP	143
Dashboard	143
Display	144
Imprivata	146
Network	146
Power	156
SCIM	158
ScepMgr	158
Search	159
Serial	159
SystemInfo	160
TaskMgr	160
USB	160
auto-update	161
background	163
config-wizard	164
desktop	165
domain	166
entries	167
firewall	167
hwh264	168
keyboard	168
logging	169
login	169
mouse	170
restore-points	170
screensaver	170
security	172
shutdown	173
sshd	173
time	173
touchscreen	175
translation	175
usb-update	176
users	176
vncserver	179
zero-login	181

Match case Limit results 1 per page

the secret is displayed in plain text as long as the mouse button is held down. As soon as the button is

released, the secret is again obscured.

Use domain text entry

: If enabled, a separate Domain input

ﬁeld

is provided for the domain name where

applicable. If disabled, the domain is determined by the value entered in the User

ﬁeld

instead. For instance, if

the User

ﬁeld

contains “mike@mycorp”, the domain is assumed to be “mycorp”. If the user

ﬁeld

is “graycorp

\mary”, the domain is assumed to be “graycorp”.

Allow administrators to override screen lock

: If enabled, you can override a locked screen and return it to

the login screen or ThinPro desktop, just as if the user had manually logged out of the thin client.

Certiﬁcates

NOTE:

For more information about using

certiﬁcates

in Linux, go to

https://www.openssl.org/

docs/

Certiﬁcate

Manager

To open

Certiﬁcate

Manager:

▲

Select

Security

and then select

Certiﬁcates

in Control Panel.

Use

Certiﬁcate

Manager to manually install a

certiﬁcate

from a

certiﬁcate

authority (CA). This action copies

the

certiﬁcate

to the user’s local

certiﬁcate

store

(/usr/local/share/ca-certiﬁcates)

and

conﬁgures

OpenSSL to

use the

certiﬁcate

for connection

veriﬁcation.

If desired, use

Proﬁle

Editor to attach the

certiﬁcate

to a

proﬁle,

as described in

Adding

certiﬁcates

to a client

proﬁle

on page

NOTE:

Generally, a self-signed

certiﬁcate

will work as long as it is valid according to

speciﬁcation

and can be

veriﬁed

by OpenSSL.

SCEP Manager

To open the SCEP Manager:

▲

Select

Security

and then select

SCEP Manager

in Control Panel.

Use the SCEP Manager when you need to enroll or renew client-side

certiﬁcates

from a CA.

During an enrollment or renewal, the SCEP Manager generates the thin client’s private key and

certiﬁcate

request, and then it sends the request to the CA on the SCEP server. When the CA issues the

certiﬁcate,

the

certiﬁcate

is returned and placed in the thin client’s

certiﬁcate

store. OpenSSL uses the

certiﬁcate

for

connection

veriﬁcation.

NOTE:

Before enrollment, make sure that the SCEP server is

conﬁgured

properly.

Use the

Identifying

tab of the SCEP Manager to enter information about the user, if desired.

NOTE:

The

Common Name

is required and is the thin client’s Fully

Qualiﬁed

Domain Name (FQDN) by

default. The other information is all optional. The

Country or Region

is entered as two letters, such as US for

the United States and CN for China.

Use the

Servers

tab of the SCEP Manager to add SCEP servers and enroll or renew

certiﬁcates.

TIP:

When entering a new SCEP server, save the server information

ﬁrst,

and then use the

Settings

button

to go back and do an enrollment.

Security