Deployment Guide

Certificates
This chapter explains how to obtain certificates for use with Security Management Server.
For information on how to configure SmartCard Authentication, see
http://www.dell.com/support/article/us/en/19/sln303783/dell-data-protection-sed-management-smartcard-setup-guide?lang=en.
For information about the minimum requirements to request SSL/TLS certificates for use by the Dell Data Security server,
see http://www.dell.com/support/article/us/en/19/sln307037/dell-data-protection-enterprise-edition-and-virtual-edition-dell-security-management-sever-and-virtual-server-ssl-tls-certificate-minimum-requirements?lang=en.
For information about updating the certificate for Dell Encryption with an existing certificate in the Microsoft keystore, see
http://www.dell.com/support/article/us/en/19/sln297240/.
Create a Self-Signed Certificate and Generate a Certificate Signing Request
This section details the steps to create a self-signed certificate for the Java-based components. This process cannot be used
to create a self-signed certificate for .NET-based components.
Dell recommends a self-signed certificate only in a non-production environment.
If your organization requires an SSL server certificate, or you need to create a certificate for other reasons, this section
describes the process to create a Java keystore using Keytool.
If your organization plans to use smart cards for authentication, you need to use Keytool to import the full certificate chain of
trust that is used in the smart card user's certificate.
Keytool creates private keys that are passed in the format of a Certificate Signing Request (CSR) to a Certificate Authority
(CA), such as VeriSign® or Entrust®. The CA will then, based on this CSR, create a server certificate that it signs. The server
certificate is then downloaded to a file along with the signing authority certificate. The certificates are then imported into the
cacerts file.
Generate a New Key Pair and a Self-Signed Certificate
1. Navigate to the conf directory of Compliance Reporter, Security Server, or Device Server.
2. Back up the default certificate database:
Click Start > Run, and type move cacerts cacerts.old.
3. Add Keytool to the system path. Type the following command in a command prompt:
set path=%path%;<Dell Java Install Dir>\bin
4. To generate a certificate, run Keytool as shown:
keytool -genkey -keyalg RSA -sigalg SHA1withRSA -alias Dell -keystore .\cacerts
5. Enter the following information as the Keytool prompts for it.
NOTE:
Back up configuration files before editing them. Only change the specified parameters. Changing other data in these
files, including tags, can cause system corruption and failure. Dell cannot guarantee that problems resulting from
unauthorized changes to these files can be solved without reinstalling the Security Management Server.
Keystore password: Enter a password (unsupported characters are <>;&" '), and set the variable in the component conf file
to the same value, as follows:
<Compliance Reporter install dir>\conf\eserver.properties. Set the value eserver.keystore.password =
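
A pre-flight check for the keystore password step above, added here as an example (not Dell's code): it rejects the characters the guide lists as unsupported and confirms that eserver.keystore.password in the conf file holds the same value. The function names, the simplified properties parser and the sample file content are assumptions, and treating a space as unsupported is a conservative reading of the guide's list.

```python
import re

# Characters the guide lists as unsupported in the keystore password.
# The guide prints a space between the two quote marks; rejecting the space
# as well is a conservative assumption of this example.
UNSUPPORTED = set('<>;&"\' ')

def unsupported_chars(password):
    """Return the unsupported characters present in password, sorted."""
    return sorted(set(password) & UNSUPPORTED)

def read_property(text, key):
    """Return the last value assigned to key in Java-properties-style text.
    Simplified: skips blank lines and '#'/'!' comments, splits on the first
    '=' or ':'; line continuations and backslash escapes are not handled.
    """
    value = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m and m.group(1) == key:
            value = m.group(2)
    return value

def check_keystore_password(password, conf_text, key="eserver.keystore.password"):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    bad = unsupported_chars(password)
    if bad:
        problems.append("unsupported characters: " + " ".join(repr(c) for c in bad))
    configured = read_property(conf_text, key)
    if configured is None:
        problems.append(key + " is not set")
    elif configured != password:
        problems.append(key + " does not match the keystore password")
    return problems

# Constructed sample of eserver.properties content (not taken from a real install).
SAMPLE_CONF = """\
# constructed example
example.setting = 1
eserver.keystore.password = Tr1al-Pass_9
"""

if __name__ == "__main__":
    for candidate in ("Tr1al-Pass_9", "bad;pass&1"):
        print(check_keystore_password(candidate, SAMPLE_CONF) or "ok")
```

The problem messages name the offending characters and the property key but never echo the password itself, so the output is safe to paste into a change ticket.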