HP Survivable Branch Communication zl Module powered by Microsoft Lync Planning and Design Guide 2011-02

Ready the Data Center for an SBM Deployment
Ready a Certificate for the SBM
SBM Administrator Creates and Submits a Request
This option has the security advantage that the private key is generated on the
SBM and never leaves it. In addition, the SBM installer does not require any
special domain permissions to generate the request. This option does, however,
leave it up to the SBM administrator to enter the correct information for
the request (guided by the Setup Wizard, which eliminates most errors). In
addition, he or she cannot proceed with the installation until the request has
been signed and returned.
When the SBM administrator submits the request, you can issue the certificate
using a Windows CA or a third-party CA. If you are using a Windows CA, simply
submit the request and save the issued certificate. You do not need to append
any special options to the request. The certificate request specifies the Web
Server template and, provided that the SBM administrator has completed the
wizard correctly, includes the SBM’s subject name and SANs.
Note: The SBM Setup Wizard always submits the SBM’s FQDN as the CN portion of
the subject name. By default, it suggests the FQDN as the SAN. Tell the SBM
technician who completes the Setup Wizard to leave the default FQDN unchanged.
These settings are required for the certificate to function correctly.
If you are using a third-party CA, simply make sure that the signed certificate
is returned as a PEM-encoded Base64 file.
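One way to check what a third-party CA sent back before handing it to the SBM administrator, as an added example that is not part of the HP guide or the SBM software. The function names are hypothetical and the sample bytes are a constructed placeholder, not a real certificate; the check covers the file encoding only, not the signature, subject name or SANs.

```python
import base64
import binascii
import re
import ssl

# One PEM block: captures the label and the Base64 body (LF or CRLF line ends).
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
# Constructed placeholder, NOT a real certificate: a DER SEQUENCE of 300 zero bytes.
FAKE_DER = b"\x30\x82\x01\x2c" + bytes(300)
FAKE_PEM = ssl.DER_cert_to_PEM_cert(FAKE_DER).encode("ascii")

def is_der_sequence(blob: bytes) -> bool:
    """True if blob is exactly one DER SEQUENCE, the outer shape of a certificate."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    if blob[1] < 0x80:                      # short-form length
        header, length = 2, blob[1]
    else:                                   # long-form length, n length bytes follow
        n = blob[1] & 0x7F
        if n == 0 or n > 4 or len(blob) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(blob[2:2 + n], "big")
    return header + length == len(blob)

def classify_returned_file(data: bytes) -> str:
    """Return 'pem', 'der', 'wrong-pem-type:<label>' or 'unknown'."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return "der" if is_der_sequence(data) else "unknown"
    for label, body in blocks:
        if label != b"CERTIFICATE":         # e.g. a PKCS7 bundle or the CSR itself
            return "wrong-pem-type:" + label.decode("ascii")
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except binascii.Error:              # damaged or non-Base64 body
            return "unknown"
        if not is_der_sequence(der):
            return "unknown"
    return "pem"

def to_pem(data: bytes) -> bytes:
    # Pass PEM through, re-encode a binary DER reply as PEM, reject anything else.
    kind = classify_returned_file(data)
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data).encode("ascii")
    if kind != "pem":
        raise ValueError(f"CA reply is not a usable certificate file: {kind}")
    return data
```

A result of `wrong-pem-type:PKCS7` or `wrong-pem-type:CERTIFICATE REQUEST` means the CA returned a bundle or the original request rather than the signed certificate.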
SBM Administrator Initiates an Automatic Request to Your CA
The SBM administrator can also initiate an autoenrollment request for the
certificate. This option has the advantage that the private key is generated on
the SBM and never leaves it. It also removes the delay involved in manually
signing an offline request. However, the SBM administrator is in charge of
entering the correct information in the request (guided by the Setup Wizard,
which eliminates most errors).
Note: The SBM Setup Wizard always submits the SBM’s FQDN as the CN portion of
the subject name. By default, it suggests the FQDN as the SAN. These settings
are required for the certificate to function correctly.
In addition, this option requires you to give the SBM administrator permission
to enroll for Web Server certificates.