Deployment Guide
Table Of Contents
- Dell Wyse ThinOS Version 8.5 Hotfix INI Reference Guide
- Introduction
- Getting Started: Learning INI File Basics
- Parameters for wnos INI files only
- Parameters for wnos INI, {username} INI, and $MAC INI files
- Connect Parameter: Options
- TimeZone Parameter: Values
- Best Practices: Troubleshooting and Deployment Examples
Table 6. Connection Settings: wnos.ini files only (continued)
Parameter Description
RegisterWINS=yes Forces the thin client to register itself with a Microsoft WINS
server.
ScepAutoEnroll={yes, no}
AutoRenew={yes, no}
InstallCACert={yes, no}
[CountryName=country]
[State=state]
[Locality=locality]
[Organization=organization_name]
[OrganizationUnit=organization_unit]
[CommonName=common_name]
[Email=email_address]
[KeyUsage=key_usage]
[KeyLength={1024, 2048, 4096}]
[subAltName=subject_alt_name_list]
[RequestURL=scep_request_url]
[CACertHashType={MD5, SHA1, SHA256}]
[CACertHash=CA_HASH_VALUE]
[EnrollPwd=enrollment_password]
[EnrollPwdEnc=encrypted_enrollment_password]
[ScepAdminUrl=scep_administrator_page_url]
[ScepUser=scep_enrollment_user]
[ScepUserDomain=scep_enrollment_user_domain]
[ScepUserPwd=scep_enrollment_user_password]
[ScepUserPwdEnc=encrypted_scep_enrollment_user_passwo
rd]
This option is to allow client automatically get certificates and
renew certificates using SCEP protocol.
ScepAutoEnroll—Set this keyword to yes to enable client's
functionality to automatically obtain certificate.
Set AutoRenew—Set this keyword to yes to enable
certificate auto renew. Client only tries to renew certificates
requested either manually or automatically through SCEP
from this client, and the renewal is performed only after a
certificate's 1/2 valid period has passed.
Set InstallCACert—Set this keyword to yes to install the
root CA's certificate as trusted certificate after successfully
getting a client certificate.
CountryName, State, Locality, Organization,
OrganizationUnit, CommonName, Email—These keywords
together compose the subject identity of the requested client
certificate. Country Name should be two letter in uppercase,
other fields are printable strings with a length shorter than 64
bytes, and email_address should have a '@' in it. At least one
of the above fields must be configured correctly to form the
client certificate's subject identity.
KeyUsage —This option is to specify key usage of the
client certificate and should be set to a digitalSignature,
keyEncipherment or both using a ';' concatenating these two
as digitalSignature;keyEncipherment.
KeyLength—This option is to specify the key length of the
client certificate in bits, must one of the value in the list.
subAltName—This option is to specify the client certificate's
subject alternative names. It is a sequenced list of name
elements, and every element is either a DNS name or an IP
address. Use ';' as delimiter between them.
RequestURL—The RequestURL option is to specify the
SCEP server service URL. This field must be set correctly.
The default protocol for SCEP services is HTTP, which also
ensures data security. You can also add the prefix https:// if
SCEP service is deployed on HTTPS in your environment.
CACertHashType—CACertHashType is used to verify the
authenticity of the certificate authority. This option must be
set to MD5 or SHA1 or SHA256.
CACertHash—This is the hash value used to verify
certificate authority's certificate. Client will not issue a
certificate request to a SCEP server and cannot pass
certificate chain checking through a valid certificate authority.
EnrollPwd or EnrollPwdEnc—These keywords are used to
set the enrollment password from a SCEP administrator.
EnrollPwd is the plain-text enrollment password and
EnrollPwdEnc is the encrypted form of the same enrollment
password. Use only one of these two fields to set the used
enrollment password.
As a substitute of using EnrollPwd or EnrollPwdEnc to
directly specify an enrollment password, client allows using
a SCEP administrator's credential to automatically get an
Parameters for wnos INI files only
33