Dell Data Protection | Encryption Manuale Utente Scaricare il pdf (Pagina 54)

54 Enterprise Server Installation and Migration Guide

– Validation of smart cards used for Preboot Authentication:

• Import the “Root Agency” signing certificate and full chain of trust into the Dell Security Server Java keystore. For

more information, see Create a Self-Signed Certificate and Generate a Certificate Signing Request. The full chain of

trust must be imported.

– Dell Manager:

• Insert the “Root Agency” signing certificate (from the self-signed certificate generated) into the workstation’s

“Trusted Root Certification Authorities” (for “local computer”) in the Microsoft keystore.

• Modify the behavior of Dell Manager to not perform SSL validation. To turn off Dell Manager SSL trust validation,

check

Disable Trust Chain Check

on the

Settings

tab.

The client computer also must have the following registry entry to disable trust validation:

HKLM\System\CurrentControlSet\Services\CredMgmtAgent\Parameters\DisableSSLCertTrust (DWORD (32-bit) Value)=1

Disabling trust validation lessens security but allows you to use a self-signed certificate for pilots, POCs, etc.

For a

production environment, Dell recommends public CA-signed or domain-signed certificates.

– Workstations running the web browser version of the Silverlight Console:

• Insert the “Root Agency” signing certificate (from Intermediate Certification Authorities) into the workstation’s

“Trusted Root Certification Authorities” (for “local computer”) in the Microsoft keystore.

There are two methods to create a certificate – Express and Advanced.

Choose

one

method:

• Express – Choose this method to generate a self-signed certificate for all components. This is the easiest method.

• Advanced – Choose this method to configure each component separately.

Express

From the top menu, select

Actions

Configure Certificates

When the Configuration Wizard launches, select

Express

and click

. The information from the self-signed certificate

that was created when installing the Enterprise Server will be used, if available.

From the top menu, select

Configuration

Save

. If prompted, confirm the save.

Certficate set up is complete. The rest of this section details the Advanced method of creating a certificate and may be

ignored.

If your deployment includes Dell Manager, continue to step 9 on page 55.

If your deployment does

not

include Dell Manager, continue to step 10 on page 56.

Advanced

There are two paths to create a certificate – Generate Self-Signed Certificate and Use Current Settings.

Choose

one

path:

• Path 1 – Generate Self-Signed Certificate

• Path 2 – Use Current Settings

Path 1 – Generate Self-Signed Certificate

From the top menu, select

Actions

Configure Certificates

When the Configuration Wizard launches, select

Advanced

and click

Select

Generate Self-Signed Certificate

and click

. The information from the self-signed certificate that was

created when installing the Enterprise Server will be used, if available.

From the top menu, select

Configuration

Save

. If prompted, confirm the save.

Certficate set up is complete. The rest of this section details the other method of creating a certificate and may be

ignored.

If your deployment includes Dell Manager, continue to step 9 on page 55.

1 2 ... 49 50 51 52 53 54 55 56 57 58 59 ... 79 80

Commenti su questo manuale

Nessun commento

Dell Data Protection | Encryption Manuale Utente Pagina 54

Commenti su questo manuale

Prodotti e manuali riguardandi Software di database Dell Data Protection | Encryption