Ssl server certificate management, Generating a self-signed certificate, Generating a certificate-signing request – Lenovo ThinkServer TD200 User Manual

to generate a certificate-signing request. You must then send the certificate-signing
request to a certificate authority and make arrangements to procure a certificate.
When the certificate is received, it is then imported into the IMM through the
Import a Signed Certificate

link, and you can enable SSL.

The function of the certificate authority is to verify the identity of the IMM. A
certificate contains digital signatures for the certificate authority and the IMM. If a
well-known certificate authority issues the certificate or if the certificate of the
certificate authority has already been imported into the Web browser, the browser
can validate the certificate and positively identify the IMM Web server.

The IMM requires a certificate for the secure Web server and one for the secure
LDAP client. Also, the secure LDAP client requires one or more trusted certificates.
The trusted certificate is used by the secure LDAP client to positively identify the
LDAP server. The trusted certificate is the certificate of the certificate authority that
signed the certificate of the LDAP server. If the LDAP server uses self-signed
certificates, the trusted certificate can be the certificate of the LDAP server itself.
Additional trusted certificates must be imported if more than one LDAP server is
used in your configuration.

SSL server certificate management

The SSL server requires that a valid certificate and corresponding private
encryption key be installed before SSL is enabled. Two methods are available for
generating the private key and required certificate: using a self-signed certificate
and using a certificate that is signed by a certificate authority. If you want to use a
self-signed certificate for the SSL server, see “Generating a self-signed certificate.”
If you want to use a certificate-authority-signed certificate for the SSL server, see
“Generating a certificate-signing request.”

Generating a self-signed certificate

To generate a new private encryption key and self-signed certificate, complete the
following steps:
1.

In the navigation plane, click Security.

2.

In the SSL Server Configuration for Web Server area, make sure that the
setting is Disabled. If it is not disabled, select Disabled and then click Save.

Notes:

a.

The IMM must be restarted before the selected value (Enabled or Disabled)
takes effect.

b.

Before you can enable SSL, a valid SSL certificate must be in place.

c.

To use SSL, you must configure a client Web browser to use SSL3 or TLS.
Older export-grade browsers with only SSL2 support cannot be used.

3.

In the SSL Server Certificate Management area, select Generate a New Key
and a Self-signed Certificate

.

4.

Type the information in the required fields and any optional fields that apply to
your configuration. For a description of the fields, see “Required certificate
data” on page 41. After you finish typing the information, click Generate
Certificate

. Your new encryption keys and certificate are generated. This

process might take several minutes. You see confirmation if a self-signed
certificate is installed.

Generating a certificate-signing request

To generate a new private encryption key and certificate-signing request, complete
the following steps:

40

Integrated Management Module: User Guide