OpenManage Help
X.509 Certificate Management
Use this window to create, import, or reuse a web certificate for Server Administrator.
NOTE: This help page may include information about features not supported by your system. Server Administrator only displays features that are supported on your system.
User Privileges
Selection: X.509 Certificate Management
View: Administrator
Manage: Administrator
NOTE: For more details on user privilege levels, see "Privilege Levels in the Server Administrator GUI."
X.509 Certificate Management
Web certificates ensure the identity of a remote system and ensure that information exchanged with the remote system cannot be viewed or changed by others. To ensure system security for Server Administrator, it is strongly recommended that you either generate a new X.509 certificate, reuse an existing X.509 certificate, or import a root certificate or certificate chain from a Certificate Authority (CA).
You can apply for a certificate to authenticate user privileges for access to your system over a network, or for accessing a storage device attached to your system.
X.509 Certificate Option Menu
Generate a new certificate: Use this certificate generation tool to create a certificate for access to Server Administrator. If the new certificate is not active after restart, you can restore the previous certificate. Follow the steps detailed in the Restore Previous Certificate section.
Certificate Maintenance: Selects an existing certificate that your company has title to, and uses this certificate to control access to Server Administrator.
Import root certificate: Allows the user to import the root certificate, as well as the certificate response (in PKCS#7 format), received from the trusted certificate authority. Some of the reliable certificate authorities are Verisign, Thawte, and Entrust.
Import certificate chain: Allows the user to import the certificate response (in PKCS#7 format) from the trusted certificate authority. Some of the reliable certificate authorities are Verisign, Thawte, and Entrust.
X.509 Certificate Generation Menu: Generate a New Certificate
Alias: An alias is a shortened, keystore-specific name for an entity that has a certificate in the keystore. A user can assign any alias name for the public and the private key in the keystore.
Key Signing Algorithm: Displays the supported signing algorithms. Select an algorithm from the drop-down list.
NOTE: If you select either SHA 512 or SHA 256, ensure that your operating system/browser supports this algorithm. If you select one of these options without the requisite operating system/browser support, Server Administrator will display a "cannot display the webpage" error.
Key Generation Algorithm: Describes the algorithm to be used to generate the certificate. Commonly used algorithms are RSA and DSA.
Key Size: Encryption strength for your private key. The default value is 1024.
Validity Period: Length of time the certificate is to be valid, expressed in days.
Common Name (CN): Exact name of the host or domain to be secured, for example, xyzcompany.com.
Organization (O): Full company name as it appears in your company's certificate of incorporation, or as it is registered with your state government.
Organization Unit (OU): Division of this company applying for the certificate, for example, E-Commerce Department.
Locality (L): The city or place name where the organization is registered or incorporated.
State (ST): The state or province where the organization is registered or incorporated. Spell out the name.
Country (C): Two-letter country code, for example, US for United States and UK for United Kingdom.
Restoring the Previous Certificate
To restore the previous certificate, follow these steps:
1. Stop the Web server. See the Stop, Start or Restart the Web server section.
2. For Windows operating system flavors:
  • Delete the file <installed directory>\Dell\SysMgt\iws\config\keystore.db
  • Rename the file <installed directory>\Dell\SysMgt\iws\config\keystore.db.bak to keystore.db
3. For Linux operating system flavors:
  • Delete the keystore.db file present in /opt/dell/srvadmin/etc/openmanage/iws/config
  • Rename the keystore.db.bak present in /opt/dell/srvadmin/etc/openmanage/iws/config to keystore.db
4. Start the Web server. See the Stop, Start or Restart the Web server section.
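The Linux keystore swap from step 3, written as a script. This is an added example, not Dell tooling or part of the original help page. The function and variable names are hypothetical, and the Web server must already be stopped (step 1) and started again afterwards (step 4), because this page does not give those commands.

```shell
#!/bin/sh
# Added example (not Dell tooling): Linux keystore restore from step 3.
# Run only after the Web server has been stopped; start it again afterwards.

# Directory named on this page for Linux installations.
# (The variable name is this example's own.)
OMSA_IWS_CONFIG=/opt/dell/srvadmin/etc/openmanage/iws/config

# restore_keystore [DIR]   (hypothetical helper)
# Returns: 0 restored, 1 no usable backup, 2 backup is a symlink,
#          3 rename failed.
restore_keystore() {
    dir=${1:-$OMSA_IWS_CONFIG}
    cur=$dir/keystore.db
    bak=$dir/keystore.db.bak

    # The keystore holds the server's private key: refuse a symbolic link
    # sitting where the backup should be.
    if [ -L "$bak" ]; then
        echo "refusing: $bak is a symbolic link" >&2
        return 2
    fi
    # Check the backup before touching keystore.db, so a missing or empty
    # backup never leaves the Web server without any keystore.
    if [ ! -f "$bak" ] || [ ! -s "$bak" ]; then
        echo "no usable backup at $bak; keystore.db left unchanged" >&2
        return 1
    fi
    # A rename replaces keystore.db in one step. The result is the same as
    # the page's delete-then-rename, without a moment with no keystore.
    mv -f -- "$bak" "$cur" || return 3
    echo "restored $cur from backup"
}
```

Call `restore_keystore` with no argument to use the path from this page, or pass a directory to rehearse the swap on a copy first.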
X.509 Certificate Generation Menu: Certificate Maintenance
Certificates: This is the name of the X.509 certificate that is currently being used.
Select appropriate action:
  • Certificate Signing Request (CSR): Use the information in the existing certificate to build a certificate request.
  • Display Contents: Display the contents of the certificate. This option results in an extensive report that parses the components of the certificate.
  • Export Certificate in BASE 64-encoded format: Export an existing certificate for use by another application.
When you select CSR, Server Administrator makes a .csr file. Server Administrator displays the path where you can retrieve the .csr file.
Server Administrator also prompts you to copy and save the text of the certificate.
When you select Export, Server Administrator enables you to download the certificate as a .cer file and save the file to a directory that you select.
X.509 Self-Signed Certificate Contents
Values for the following fields are collected at the time that the certificate is first created:
Alias: An alias is a shortened, keystore-specific name for an entity that has a certificate in the keystore. A user can assign any alias name for the public and the private key in the keystore.
Creation Date: Date the existing certificate was originally created.
Provider: The default certificate provider is the Sun Microsystems security provider. Sun has one certificate factory that works with certificates of type X509.
Certificate Chain: Complete certificate which has the root certificate as well as the response associated with it.
Chain Element 1:
If a user views the certificate contents and finds "Chain Element 1:" but not "Chain Element 2:" in the description, the existing certificate is a self-signed certificate. If the certificate contents refer to "Chain Element 2:," the certificate has one or more CAs associated with it.
Attribute: Certificate Value
Type: X.509.
Version: Version of X.509.
IsValid: Whether Server Administrator considers the certificate to be valid (Yes or No).
Subject: Name of the entity for whom the certificate has been issued. This entity is referred to as the subject of the certificate.
Issuer: Name of the certificate authority who signed the certificate.
Valid From: First date the certificate is good for use.
Valid To: Last date the certificate is good for use.
Serial Number: Unique number that identifies this certificate.
Public Key: Public Key of the certificate, that is, the key that belongs to the subject the certificate vouches for.
Public Key Algorithm: RSA or DSA.
Key Usage: Key usage extension, which defines the purpose of the key. You can use a key for digital signing, key agreement, certificate signing, and more. The key usage is an extension to the X.509 specification and need not be present in all X.509 certificates.
Signature: Certificate authority's identifying digest that confers validity on a certificate.
Signature Algorithm Name: Algorithm used to generate the signature.
Signature Algorithm OID: Object ID of the signature algorithm.
Signature Algorithm Parameters: Algorithm used to generate the signature that uses the TBS certificate as input.
TBS Certificate: Body of the actual certificate. It contains all the naming and the key information held in the certificate. The TBS certificate is used as an input data to the signature algorithm when the certificate is signed or verified.
Basic Constraints: An X.509 certificate may contain an optional extension that identifies whether the subject of the certificate is a certificate authority (CA). If the subject is a CA, this extension returns the number of certificates that may follow this certificate in a certification chain.
Subject Unique ID: String that identifies the applicant for the certificate.
Issuer Unique ID: String that identifies the issuer of the certificate.
MD5 Fingerprints: Digital signature algorithm that verifies data integrity by creating a 128-bit message digest or fingerprint. The fingerprint is as unique to the input data as a person's fingerprint is to only one individual person.
SHA1 Fingerprints: Secure hashing algorithm, a cryptographic message digest algorithm used to verify data integrity by making replication of the digest or fingerprint "computationally expensive," that is, not worth the effort.
Encoded Certificate: Content of the certificate in binary form.
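The fields above can be checked outside the GUI on a certificate saved with Export Certificate in BASE 64-encoded format. The script below is an added example, not part of Server Administrator or the original help page; it assumes the openssl command-line tool is installed, and the function name and finding labels are made up for the example. Because a single exported file carries no chain, Subject equal to Issuer stands in for the "only Chain Element 1" test, and the 2048-bit threshold (the minimum that public CAs issue today, against the 1024 default listed under Key Size) is this example's choice.

```shell
#!/bin/sh
# Added example (not Dell code): triage a certificate exported from
# Server Administrator as a Base64 .cer file, using the openssl CLI.

# cert_findings FILE   (hypothetical helper)
# Prints space-separated findings for the PEM certificate in FILE:
#   self-issued  Subject equals Issuer
#   weak-key:N   RSA or DSA public key shorter than 2048 bits
#   weak-sig:X   certificate signed with an MD5- or SHA-1-based algorithm
# Returns 2 if FILE cannot be parsed as a certificate.
cert_findings() {
    cert=$1
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || return 2
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    keyalg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    sigalg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)

    out=
    if [ "$subject" = "$issuer" ]; then out="$out self-issued"; fi
    case $keyalg in
        rsaEncryption|dsaEncryption)
            # Only judge the size when openssl reported one.
            if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
                out="$out weak-key:$bits"
            fi ;;
    esac
    case $(printf '%s' "$sigalg" | tr 'A-Z' 'a-z') in
        *md5*|*sha1*) out="$out weak-sig:$sigalg" ;;
    esac
    printf '%s\n' "${out# }"
}
```

An empty line of output means none of the three conditions was found; it does not mean the certificate chains to a trusted CA.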
CA Root Certificate Import: Import root certificate
You can import a root certificate that you receive from a CA. Perform the following steps:
  1. Select the root certificate that you want to import and click Update and Proceed.
  2. Select the certificate response (in the PKCS #7 format, received from the CA) and click Import.
Certificate Import: Import certificate chain
To import a certificate chain that you obtain from a CA:
  1. Type the name of the certificate file you want to import, or click Browse to search for the file.
  2. Select the file and click Import.
Other Window Controls
Print: Prints a copy of the open window to your default printer.
E-mail: E-mails the contents of this window to your designated recipient. See the Server Administrator User's Guide for instructions about configuring your Simple Mail Transfer Protocol (SMTP) server.
Next: Go to the next task.
Help: Displays the online help for this page.