Web Services
Function Description
On the Web Services page, you can perform the following operations:
- View and set basic attributes of the web service
- View the SSL certificate in use.
- Customize and import SSL certificates.
The SSL certificate sets up an SSL security channel over HTTPS between the web browser on the client and the web server to transmit encrypted data between the client and server and prevent data disclosure. SSL ensures the security of transmitted information and is used for verifying the authenticity of the website to be accessed. Servers allow you to replace SSL certificates. For security purposes, replace the certificates and public and private key pair in a timely manner to ensure certificate validity.
- The SSL certificate can be a single SSL certificate or certificate chain that is less than 10 levels.
- The certificate must be in the .crt, .cer, .pem, .pfx, or .p12 format. The certificate in the .crt, .cer, or .pem format cannot exceed 1 MB. The certificate file in the .pfx or .p12 format cannot exceed 100 KB.
- MD5 is a weak signature algorithm, which poses security risks. The iBMC does not support the import of MD5 certificates.
Parameter Description
Area |
Parameter |
Description |
|---|---|---|
Basic Settings |
HTTP |
Supports Internet browsing and translates Hypertext Transfer Protocol (HTTP) pages. The Web Server (HTTP) service is enabled by default to establish a connection between the browser and iBMC. After the connection is set up, the secure protocol HTTPS is used. NOTE:
If HTTP service is disabled, it cannot be automatically switched to the HTTPs service after you enter http:iBMC management network port IP address in the address box of the browser. |
HTTPS |
Supports Internet browsing and translates Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) pages or Redfish Protocol. NOTE:
If the HTTP service is disabled, you cannot log in to the iBMC WebUI using a browser. |
|
Port |
Port number used for a service. Value range: 1 to 65535 |
|
Timeout Period (min) |
Maximum idle period (in minutes) after which the user will be logged out of the iBMC WebUI. Value range: 5 to 480 Default value: 5 |
|
Session Mode |
Mode in which a user account can be used to log in to the iBMC WebUI
|
|
SSL Certificate |
Issued By |
Information about the issuer of the SSL certificate, including:
|
Issued To |
Information about the user (current iBMC) of the SSL certificate SSL. The fields contained in Issued To are the same as those in Issued By. NOTE:
Set CN to the server fully qualified domain name (FQDN), that is, Host name.Domain name. |
|
Validity Period |
Validity period of the SSL certificate. |
|
Serial Number |
Serial number of the SSL certificate, which is used for identifying and migrating the certificate. |
Customizing SSL Certificate Information and Importing an SSL Certificate
- Perform this operation when you want to apply for an SSL certificate.
- For security purposes, periodically update the certificate.
- On the SSL Certificate area, click Customize.
The page for customizing SSL certificate information is displayed, as shown in Figure 3-48.
- Select Generate CSR, enter the certificate signing request (CSR) information, and click Generate.
- Send the exported CSR file to the SSL certificate authority and apply for an SSL certificate.
After obtaining the formal SSL certificate, save it to the client.
- Select Import Server Certificate in Customize Certificate dialog box.
- Select the formal SSL certificate from the local client.
- The certificate must be in the .crt, .cer, .pem, .pfx, or .p12 format. The certificate in the .crt, .cer, or .pem format cannot exceed 1 MB. The certificate file in the .pfx or .p12 format cannot exceed 100 KB.
- MD5 is a weak signature algorithm, which poses security risks. The iBMC does not support the import of MD5 certificates.
- click OK.
- Enter the certificate password in Certificate Password.
- Click OK.
The certificate takes effect immediately after being imported.
A CSR file correlates with the server certificate applied from the CA organization. Do not generate a new CSR file before importing the server certificate. Otherwise, the original CSR file is overwritten by the new CSR file and cannot be recovered. You have to use the new CSR file to apply for a new server certificate from the CA organization.
- Log in to the iBMC WebUI again.
Importing an SSL Certificate
- Perform this operation only when an SSL certificate is available on the client.
- For security purposes, use a secure encryption algorithm, for example RSA2048, to encrypt the customized SSL certificate.
- For security purposes, periodically update the certificate.
- On the SSL Certificate page, click Customize.
The page for customizing SSL certificate information is displayed.
- Select Import Server Certificate.
- Select the SSL certificate file to be imported.
- The certificate must be in the .crt, .cer, .pem, .pfx, or .p12 format. The certificate in the .crt, .cer, or .pem format cannot exceed 1 MB. The certificate file in the .pfx or .p12 format cannot exceed 100 KB.
- MD5 is a weak signature algorithm, which poses security risks. The iBMC does not support the import of MD5 certificates.
- Click OK.
- Enter the certificate password in Certificate Password.
- Click OK.
The certificate takes effect immediately after being imported.
If the size of the file to be uploaded exceeds 100 MB, a message indicating a page request failure is displayed. You can refresh the page to resolve this issue.
- Log in to the iBMC WebUI again.