Manualshelf

HP ThinPro 7.0 - Administrator Guide

ManualsBrandsHP ManualsDesktopsHP t520 Flexible Thin Client
61626364656667686970
the secret is displayed in plain text as long as the mouse button is held down. As soon as the button is
released, the secret is again obscured.
Use domain text entry: If enabled, a separate Domain input eld is provided for the domain name where
applicable. If disabled, the domain is determined by the value entered in the User eld instead. For instance, if
the User eld contains “mike@mycorp”, the domain is assumed to be “mycorp”. If the user eld is “graycorp
\mary”, the domain is assumed to be “graycorp”.
Allow administrators to override screen lock: If enabled, you can override a locked screen and return it to
the login screen or ThinPro desktop, just as if the user had manually logged out of the thin client.
Certicates
NOTE: For more information about using certicates in Linux, go to https://www.openssl.org/docs/.
Certicate Manager
To open Certicate Manager:
Select Security and then select Certicates in Control Panel.
Use Certicate Manager to manually install a certicate from a certicate authority (CA). This action copies
the certicate to the user’s local certicate store (/usr/local/share/ca-certicates) and congures OpenSSL to
use the certicate for connection verication.
If desired, use Prole Editor to attach the certicate to a prole, as described in Adding certicates to a client
prole on page 68.
NOTE: Generally, a self-signed certicate will work as long as it is valid according to specication and can be
veried by OpenSSL.
SCEP Manager
To open the SCEP Manager:
Select Security and then select SCEP Manager in Control Panel.
Use the SCEP Manager when you need to enroll or renew client-side certicates from a CA.
During an enrollment or renewal, the SCEP Manager generates the thin client’s private key and certicate
request, and then it sends the request to the CA on the SCEP server. When the CA issues the certicate, the
certicate is returned and placed in the thin client’s certicate store. OpenSSL uses the certicate for
connection verication.
NOTE: Before enrollment, make sure that the SCEP server is congured properly.
Use the Identifying tab of the SCEP Manager to enter information about the user, if desired.
NOTE: The Common Name is required and is the thin client’s Fully Qualied Domain Name (FQDN) by
default. The other information is all optional. The Country or Region is entered as two letters, such as US for
the United States and CN for China.
Use the Servers tab of the SCEP Manager to add SCEP servers and enroll or renew certicates.
TIP: When entering a new SCEP server, save the server information rst, and then use the Settings button
to go back and do an enrollment.
Security 51