9 appliance access over ssl, 10 managing certificates from a browser, 1 self-signed certificate – HP OneView User Manual

Page 55: 1 verifying a certificate

Advertising
background image

3.9 Appliance access over SSL

All access to the appliance is through HTTPS (HTTP over SSL), which encrypts data over the network
and helps to ensure data integrity. For a list of supported cipher suites, see

“Algorithms for securing

the appliance” (page 59)

.

3.10 Managing certificates from a browser

A certificate authenticates the appliance over SSL. The certificate contains a public key, and the
appliance maintains the corresponding private key, which is uniquely tied to the public key.

NOTE:

This section discusses certificate management from the perspective of the browser. For

information on how a non-browser client (such as cURL) uses the certificate, see the documentation
for that client.

The certificate also contains the name of the appliance, which the SSL client uses to identify the
appliance.

The certificate has the following boxes:

Common Name (CN)

This name is required. By default it contains the fully qualified host name of the appliance.

Alternative Name

The name is optional, but HP recommends supplying it because it supports multiple names
(including IP addresses) to minimize name-mismatch warnings from the browser.

By default, this name is populated with the fully qualified host name (if DNS is in use), a short
host name, and the appliance IP address.

NOTE:

If you enter Alternative Names, one of them must be your entry for the Common

Name.

These names can be changed when you manually create a self-signed certificate or a certificate
signing request.

3.10.1 Self-signed certificate

The default certificate generated by the appliance is self-signed; it is not issued by a trusted certificate
authority.

By default, browsers do not trust self-signed certificates because they lack prior knowledge of them.
The browser displays a warning dialog box; you can use it to examine the content of the self-signed
certificate before accepting it.

3.10.1.1 Verifying a certificate

You can verify the authenticity of the certificate by viewing it with your browser.

After logging in to the appliance, choose Settings

→Security to view the certificate. Make note of

these attributes for comparison:

Fingerprints (especially)

Names

Serial number

Validity dates

Compare this information to the certificate displayed by the browser, that is, when browsing from
outside the appliance.

3.9 Appliance access over SSL

55

Advertising
Popular Brands
Popular manuals