Viewing the remote administration settings section, Remote administration settings section components – HP Secure Key Manager User Manual
Page 237
Figure 131 Viewing the Remote Administration Settings section
The following table describes the components of the Remote Administration Settings section.
Table 112 Remote Administration Settings section components
Description
Components
The Web Admin Server IP address is the local IP address used to configure the SKM via
the Management Console. You can select one specific IP address or you can select all
of the IP addresses bound to the SKM. The URL used to connect to the Management
Console is: https://IP-address:port.
CAUTION:
We strongly recommend that you limit the Web Admin Server IP to a specific IP
address. If you have four IP addresses bound to the SKM, and you select All instead
of a specific IP address, then the SKM listens for Web Administration requests on
four different IP addresses; whereas, if you specify a single IP address, the SKM
listens for Web Administration requests on only one IP address. This can greatly
reduce system vulnerability to outside attacks.
Web Admin Server
IP
The Web Admin Server Port specifies the port on which the server listens for requests.
The default port is 9443.
Web Admin Server
Port
The Web Admin Client Certificate Authentication setting activates the Management
Console Client Authentication feature, which requires that users present a client certificate
when logging into the Management Console.
CAUTION:
This feature is immediately enabled when you select this checkbox. If you select
this option through the Management Console, you will be immediately logged off
and will need a valid client certificate to return. If needed, you can use the edit
ras settings command from the CLI to disable this feature without presenting a
certificate. For more information on this feature, see
.
Web Admin Client
Certificate Authen-
tication
This field allows you to select a profile to use to verify that client certificates are signed
by a CA trusted by the SKM appliance. This option is only valid if you require clients to
provide a certificate to authenticate to the KMS Server.
As delivered, the default Trusted CA List profile contains no CAs. You must either add
CAs to the default profile or create a new profile and populate it with at least one trusted
CA before the KMS Server can authenticate client certificates
Web Admin Trus-
ted CA List Profile
Secure Key Manager
237