HP t420 Administrator Guide 8 - Page 63
Certificates, Certificate Manager, SCEP Manager
View all HP t420 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 63 highlights
the secret is displayed in plain text as long as the mouse button is held down. As soon as the button is released, the secret is again obscured. Use domain text entry: If enabled, a separate Domain input field is provided for the domain name where applicable. If disabled, the domain is determined by the value entered in the User field instead. For instance, if the User field contains "mike@mycorp", the domain is assumed to be "mycorp". If the user field is "graycorp \mary", the domain is assumed to be "graycorp". Allow administrators to override screen lock: If enabled, you can override a locked screen and return it to the login screen or ThinPro desktop, just as if the user had manually logged out of the thin client. Certificates NOTE: For more information about using certificates in Linux, go to https://www.openssl.org/docs/. Certificate Manager To open Certificate Manager: ▲ Select Security and then select Certificates in Control Panel. Use Certificate Manager to manually install a certificate from a certificate authority (CA). This action copies the certificate to the user's local certificate store (/usr/local/share/ca-certificates) and configures OpenSSL to use the certificate for connection verification. If desired, use Profile Editor to attach the certificate to a profile, as described in Adding certificates to a client profile on page 68. NOTE: Generally, a self-signed certificate will work as long as it is valid according to specification and can be verified by OpenSSL. SCEP Manager To open the SCEP Manager: ▲ Select Security and then select SCEP Manager in Control Panel. Use the SCEP Manager when you need to enroll or renew client-side certificates from a CA. During an enrollment or renewal, the SCEP Manager generates the thin client's private key and certificate request, and then it sends the request to the CA on the SCEP server. When the CA issues the certificate, the certificate is returned and placed in the thin client's certificate store. OpenSSL uses the certificate for connection verification. NOTE: Before enrollment, make sure that the SCEP server is configured properly. Use the Identifying tab of the SCEP Manager to enter information about the user, if desired. NOTE: The Common Name is required and is the thin client's Fully Qualified Domain Name (FQDN) by default. The other information is all optional. The Country or Region is entered as two letters, such as US for the United States and CN for China. Use the Servers tab of the SCEP Manager to add SCEP servers and enroll or renew certificates. TIP: When entering a new SCEP server, save the server information first, and then use the Settings button to go back and do an enrollment. Security 51