Revoking a credential grant, Remote administration procedures, Enabling the web admin user authentication feature – HP Secure Key Manager User Manual
Page 79
1.
Log in to the Management Console as an administrator with High Access Administrator access
control. This is the administrator that will grant credentials to another.
2.
Navigate to the Grant a Credential section on the Administrator Configuration page (Device >
Administrators > Multiple Credentials).
3.
Select the administrator that will receive the credentials in the Grant to field.
4.
Enter the duration that the credentials will be granted. This value must be less that the Maximum
Duration for Time-Limited Credentials value in the Multiple Credentials for Key Administration
section.
5.
Select the operations for which you are granting credentials.
6.
Click Grant. You can now view the granted credentials in the Credentials Granted section.
Revoking a credential grant
Prior to revoking a credential grant, you must have granted credentials.
To revoke a credential grant:
1.
Log in to the Management Console as an administrator that has previously granted credentials.
2.
Navigate to the Credentials Granted section on the Administrator Configuration page (Device >
Device Configuration > Administrators > Multiple Credentials).
3.
Click Delete/Revoke. The credential grant will be removed from the system.
Remote administration procedures
Enabling the Web Admin User Authentication feature
The Web Admin User Authentication feature requires a client certificate signed by the local CA on
the SKM.
Signing a certificate request and downloading the certificate
This section describes how to sign a certificate request with a local CA and then download the
certificate. You must download the certificate immediately after it is signed by the CA.
To sign a certificate request with a local CA:
1.
Open the certificate request in a text editor.
2.
Copy the text of the certificate request. The copied text must include the header (-----BEGIN
CERTIFICATE REQUEST-----) and the footer (-----END CERTIFICATE REQUEST-----).
3.
Log in to the Management Console as an administrator with Certificates access control.
4.
Navigate to the Local Certificate Authority List (Security > Certificates & CAs > Local CAs). Select
the local CA and click Sign Request to access the Sign Certificate Request section.
5.
Modify the fields as shown:
• Sign with Certificate Authority - Select the CA that signs the request.
• Certificate Purpose - Select Client.
• Certificate Duration (days) - Enter the life span of the certificate.
• Certificate Request - Paste all text from the certificate request, including the header and footer.
Secure Key Manager
79