No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

X6800 Server Node iBMC (V300 or Later) User Guide 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SSL Certificate

SSL Certificate

Function Description

The SSL Certificate page allows you to perform the following operation:

  • View Secure Sockets Layer (SSL) certificate information, which includes information about the root certificates, intermediate certificates, and server certificates.
  • Customize SSL information.
  • Import new certificates.

The SSL certificate sets up an SSL security channel over HTTPS between the web browser on the client and the web server to transmit encrypted data between the client and server and prevent data disclosure. SSL ensures the security of transmitted information and is used for verifying the authenticity of the website to be accessed. Servers allow you to replace SSL certificates. For security purposes, replace the original certificate and keys with your customized certificate and public and private key pair, and promptly update the certificate.

NOTE:
The SSL certificate can be a single SSL certificate or certificate chain that is less than 10 levels.

GUI

Choose Configuration from the main menu, and select SSL Certificate from the navigation tree.

The SSL Certificate page is displayed.



Parameter Description

Table 3-56 Parameters in the SSL Certificate Information area

Parameter

Description

Issued To

Information about the user of an SSL certificate, including:

  • CN: user name.
    NOTE:
    Set CN to the server fully qualified domain name (FQDN), that is, Host name.Domain name.
  • OU: department of the user.
  • O: company or organization of the user.
  • L: city of the user.
  • S: province or state of the user.
  • C: country of the user.

Issued By

Information about the issuer of an SSL certificate. The fields contained in Issued By are the same as those in Issued To.

Valid From

Date when the SSL certificate starts to take effect.

Valid To

Date when the SSL certificate will expire.

Serial Number

Serial number of the SSL certificate, which is used for identifying and migrating the certificate.

Procedure

Viewing Information About the Current SSL Certificate

  1. In the navigation tree, choose Configuration > SSL Certificate.

    The SSL Certificate page is displayed.

  2. In the SSL Certificate Information area, view information about the current SSL certificate used by the server.

Customizing SSL Certificate Information and Importing an SSL Certificate

NOTE:
Perform this operation when you want to apply for an SSL certificate.
  1. On the SSL Certificate page, click Customize.

    The page for customizing SSL certificate information is displayed.

  2. In the 1. Generate CSR area, set the parameters for customizing certificate information, and click Save.

    In the displayed dialog box, export the CSR file to the local PC as prompted.

    Table 3-57 describes the parameters for customizing certificate information.

    Table 3-57 Parameters for customizing certificate information

    Parameter

    Description

    Country (C)

    Country of the user.

    This parameter is mandatory. The value can contain only two letters.

    State (S)

    State or province of the user.

    The value can contain a maximum of 128 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    City/Location (L)

    City of the user.

    The value can contain a maximum of 128 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    Organization Name (O)

    Company of the user.

    The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    Organizational Unit (OU)

    Department of the user.

    The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

    Common Name (CN)

    Name of the user.

    This parameter is mandatory. The value can contain a maximum of 64 characters, including letters, digits, hyphens (-), underscores (_), periods (.), and spaces.

  3. Send the exported CSR file to the SSL certificate issuer to apply for an SSL certificate.

    After obtaining the official SSL certificate, save it to the local PC.

  4. In the Import Server Certificate area, click Browse, select the SSL certificate file, and click Import.

    The certificate is successfully uploaded to the server if the following information is displayed:

    Certificate imported successfully. The new certificate takes effect after the iBMC is restarted.

    Click Restart Now to restart the iBMC immediately or click Restart Later to restart the iBMC later.

    NOTE:
    • The certificate file to be imported must be in *.crt, *.cer, or *.pem format and cannot exceed 1 MB.
    • A CSR file correlates with the server certificate applied from the CA organization. Do not generate a new CSR file before importing the server certificate. Otherwise, the original CSR file is overwritten by the new CSR file and cannot be recovered. You have to use the new CSR file to apply for a new server certificate from the CA organization.
Importing an SSL Certificate
NOTE:
  • Perform this operation only when an SSL certificate is available on the client.
  • For security purposes, use a secure encryption algorithm, for example RSA2048, to encrypt the customized SSL certificate.
  1. On the SSL Certificate page, click Customize.

    The page for customizing SSL certificate information is displayed.

  2. In the Import Custom Certificate (Optional) area, import an SSL certificate.
    1. Click Browse next to Certificate, and select the SSL certificate file to be imported.

      The certificate must be in the format of .pfx and .p12 and cannot exceed 100 KB in size.

    2. In the Certificate Password text box, enter a password to ensure certificate security during transmission.

      If the certificate is protected by a password, you must enter the password. Otherwise, the certificate cannot be uploaded.

    3. Click Import.
      NOTE:
      If the size of the file to be uploaded exceeds 100 MB, a message indicating a page request failure is displayed. You can refresh the page to resolve this issue.

      The certificate is successfully uploaded to the server if the following information is displayed:

      Certificate imported successfully. The new certificate takes effect after the iBMC is restarted.

      Click Restart Now to restart the iBMC immediately or click Restart Later to restart the iBMC later.

Adding the Root Certificate to the Browser
NOTE:
If the SSL certificate is self-generated (not obtained from a CA organization), check whether the browser has the root certificate.
The following uses Internet Explorer as an example to describe how to view and add a root certificate in the browser.
  1. Open Internet Explorer.
  2. On the toolbar, choose Tools > Internet Options.

    The Internet Options dialog box is displayed.

  3. On the Content tab page, click Certificates.

    The Certificates dialog box is displayed.

  4. On the Trusted Root Certification Authorities tab page, check whether the SSL certificate issuer is listed.
    • If yes, go to 5.
    • If no, go to 6.
  5. Check whether the SSL certificate has expired.
    • If yes, go to 6.
    • If no, go to 7.
  6. On the Trusted Root Certification Authorities tab page, click Import.

    Import the root certificate as prompted.

  7. Open Internet Explorer again, and check whether the icon is displayed on the address bar.
    • If yes, no further action is required.
    • If no, contact technical support.
Translation
Download
Updated: 2019-02-28

Document ID: EDOC1100019360

Views: 76946

Downloads: 384

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next