Product registration, About remote desktop, Security updates – TANDBERG 1D13898.07 User Manual
Page 23: Security certificate management, Certificate, Product registration and security update
23
D13898.07
NOVEMBER 2008
TANDBERG
CONTENT SERVER
ADMINISTRATOR GUIDE
Product Registration, Security Updates and Security Certificate
Product Registration
You need to register the product if you would
like to receive an email from TANDBERG
Constant Care Services when updates to the
TANDBERG Content Server become available.
You can register using the Registration Card
provided with your Content Server or via the
web at
You can also check the following ftp site for all
available downloads:
Security Updates
All relevant security updates for the
TANDBERG Content Server are available from
the following ftp site
.
IT IS IMPORTANT THAT YOU DOWNLOAD AND
INSTALL THE MOST RECENT SECURITY UPDATE
FOR EACH YEAR FROM THE TANDBERG FTP
SITE BEFORE USING THIS PRODUCT. YOU
SHOULD ALSO CHECK THIS SITE REGULARLY
TO SEE IF NEW SECURITY UPDATES ARE
AVAILABLE. ALL SECURITY UPDATES RELEVANT
TO THE Content Server ARE CUMULATIVE
THROUGHOUT THE CALENDAR YEAR.
Security Certificate Management
Content Server software upgrades and security updates need to be installed using Remote
Desktop access.
Remote Desktop access is also used for:
Backing up the Content Server. See also the
•
section.
Changing the default media storage location. See also the
•
section.
Installing the Security Certificate. See the
•
section.
For more information about Remote Desktop access, see
Appendix 5: Using Remote Desktop
About Remote Desktop
The TANDBERG Content Server has implemented SSL (Secure Sockets Layer) protocol for sending
user authentication information (username and password) in a secure way at user log in. The SSL
implementation means that the Content Server website needs to establish its credentials with the
user’s browser through an electronic document known as a security certificate.
Each TANDBERG Content Server is shipped with a self signed certificate issued by TANDBERG,
which is valid for a year. As TANDBERG is not a trusted Certificate Authority, when users try to log in
to the Content Server, most browsers will display a message that the identity of the site could not
be verified. Users may add the Content Server to the Trusted sites list in Internet Explorer or add an
exception in Firefox to avoid getting error messages at log in.
Once the original Content Server certificate has expired, browsers will display another warning,
in addition to any previous warning related to self-signed certificates that are installed. A new
certificate request can be generated using the IIS certificate wizard. Once this request is
generated, another self signed certificate may be created, using a third party tool, or this request
can be forwarded to a certificate issuing authority.
TANDBERG recommends purchasing a security certificate from a certificate issuing authority that
has a trusted relationship back to a root authority, such as VeriSign or Comodo. These credentials
are most likely to be trusted by browsers, removing the need to add the Content Server to the list
of trusted sites. This certificate needs to be generated against the Windows machine name or the
DNS entry associated with the IP address that the TCS is using.
The security certificate must be installed for the TCS default website. You may also install it for the
Windows Media Administration website and the Windows Server Administration website to avoid
getting security warnings when administrators log in to those sites. Do NOT remove the expired
certificate, as this will result in the HTTPS service being unavailable, preventing any logon attempts.
Example of an invalid security certificate warning in Internet Explorer: