EasyManua.ls Logo

IBM BladeCenter Management Module - SSL Certificate Overview; SSL Server Certificate Management

IBM BladeCenter Management Module
78 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Note:
Changes
to
the
SSL
client
configuration
take
effect
immediately
and
do
not
require
a
restart
of
the
management
module.
SSL
certificate
overview
You
can
use
SSL
with
either
a
self-signed
certificate
or
with
a
certificate
signed
by
a
third-party
certificate
authority.
Using
a
self-signed
certificate
is
the
simplest
method
for
using
SSL,
but
it
does
create
a
small
security
risk.
The
risk
arises
because
the
SSL
client
has
no
way
of
validating
the
identity
of
the
SSL
server
for
the
first
connection
attempted
between
the
client
and
server.
It
is
possible
that
a
third
party
could
impersonate
the
server
and
intercept
data
flowing
between
the
management
module
and
the
Web
browser.
If
at
the
time
of
the
initial
connection
between
the
browser
and
the
management
module,
the
self-signed
certificate
is
imported
into
the
certificate
store
of
the
browser,
all
future
communications
will
be
secure
for
that
browser
(assuming
the
initial
connection
was
not
compromised
by
an
attack).
For
more
complete
security,
you
can
use
a
certificate
signed
by
a
certificate
authority.
To
obtain
a
signed
certificate,
use
the
SSL
Certificate
Management
page
to
generate
a
certificate
signing
request.
You
must
then
send
the
certificate
signing
request
to
a
certificate
authority
and
make
arrangements
to
procure
a
certificate.
When
the
certificate
is
received,
it
is
then
imported
into
the
management
module
using
the
Import
a
Signed
Certificate
link,
and
you
can
enable
SSL.
The
function
of
the
certificate
authority
is
to
verify
the
identity
of
the
management
module.
A
certificate
contains
digital
signatures
for
the
certificate
authority
and
the
management
module.
If
a
well-known
certificate
authority
issues
the
certificate
or
if
the
certificate
of
the
certificate
authority
has
already
been
imported
into
the
Web
browser,
the
browser
will
be
able
to
validate
the
certificate
and
positively
identify
the
management-module
Web
server.
The
management
module
requires
a
certificate
for
the
secure
Web
server
and
one
for
the
secure
LDAP
client.
Also,
the
secure
LDAP
client
requires
one
or
more
trusted
certificates.
The
trusted
certificate
is
used
by
the
secure
LDAP
client
to
positively
identify
the
LDAP
server.
The
trusted
certificate
is
the
certificate
of
the
certificate
authority
that
signed
the
certificate
of
the
LDAP
server.
If
the
LDAP
server
uses
self-signed
certificates,
the
trusted
certificate
can
be
the
certificate
of
the
LDAP
server
itself.
Additional
trusted
certificates
can
be
imported
if
more
than
one
LDAP
server
is
used
in
your
configuration.
SSL
server
certificate
management
The
SSL
server
requires
that
a
valid
certificate
and
corresponding
private
encryption
key
is
installed
before
SSL
is
enabled.
There
are
two
methods
available
for
generating
the
private
key
and
required
certificate:
using
a
self-signed
certificate
and
using
a
certificate
signed
by
a
certificate
authority.
If
you
want
to
use
a
self-signed
certificate
for
the
SSL
server,
see
“Generating
a
self-signed
certificate”
on
page
45.
If
you
want
to
use
a
certificate
authority
signed
certificate
for
the
SSL
server,
see
“Generating
a
certificate
signing
request”
on
page
46.
44
BladeCenter
Management
Module:
User’s
Guide

Table of Contents

Related product manuals