One Identity Safeguard for Privileged Passwords 8.0 LTS - Administration Guide


Certificate Signing Request Properties

  • Subject: The distinguished name of the person or entity to whom the certificate is being issued.

  • Key Size: The bit length of the key pair.

  • Alternate DNS Names: Additional or alternate host names (such as sites or common names) that were specified when the certificate was requested.

  • Alternate IP Addresses: Additional or alternate IP addresses that were specified when the certificate was requested.

  • Key Usage Critical: Whether the key usage extension is marked as critical for this certificate.

  • Key Usage: The purpose of the key defined in the certificate.

  • Extended Key Usage Critical: Whether the extended key usage extension is marked as critical for this certificate.

  • Extended Key Usage: One or more purposes for which the certified public key might be used, in addition to or in place of the basic purposes indicated in the key usage extension.

  • Notes: Additional information about the certificate for the user, if any.

Certificate Signing Request Toolbar

  • Create Certificate Signing Request (CSR): Create a new certificate signing request.

  • Delete Signing Request: Delete the selected CSR from SPP.

  • Edit: Modify the selected CSR.

    NOTE: After a CSR is created, you can only modify or add to the notes field.

  • Refresh: Update the list of CSRs.

  • Search: You can search by a character string or by a selected attribute with conditions you enter. To search by a selected attribute, click Search and select an attribute to search. For more information, see Search box.

Certificates

To add or share certificates, follow these steps.

To add a new certificate

  1. In the SPP web client, navigate to Vaults > Certificates.

  2. Click Upload Certificate. Select a certificate in one of the supported file formats to upload it. SPP can read most *.cer, *.crt, *.der, *.pfx, *.p12, and *.pem file formats.

  3. This is also how you redeem or fulfill a previously created certificate signing request that exists for your user in SPP. If the uploaded certificate’s public key matches the key of a CSR, SPP will automatically associate them to complete the CSR. The CSR will then be automatically deleted.

To share a certificate with another user or user group

  1. In the certificates section of the grid, click Edit.

  2. On the Edit dialog, set the following:

    • Owner: Assign certificate ownership to another user.

    • Owner group: Assign certificate ownership to a user group.

    • Private Key Shareable: To allow share members access to the private key, select this check box. Otherwise, they will only be granted access to the public portion of the certificate.

    • Passphrase Required: To require the share members to enter a password used to encrypt the certificate before allowing them to download it, select this check box.

      NOTE: This option is not typically used with just public key certificates.

    • Notify Days Before Expiration: Enter the number of days before the certificate’s expiration date that an email notification will be sent to the owner(s).

      NOTE: Only one email will be sent. SPP will not, for example, continue to send out emails.

    • Notify Days After Expiration: Enter the number of days after the certificate’s expiration date that an email notification will be sent to the owner(s).

    • (Optional) Notes: Enter any additional information about the certificate.

    • You can then add one or more users or user groups to share the certificate with:

      • Add Shared User: Add the users with whom you want to share the certificate.

      • Add Shared User Group: Add the user groups with whom you want to share the certificate.

    • To save the certificate share details, click Save.

To replace a certificate with an existing certificate

  1. Click Replace Certificate and select a new certificate to replace the selected item with. Certificates typically have an expiration date and need to be updated. To preserve the settings you might have configured, such as the list of shared users, use this option instead of uploading a completely new item.

Certificates Properties

  • Subject: The subject name (such as user, program, computer, service, or other entity) assigned to the certificate when it was requested.

  • Issued By: The name of the certificate authority (CA) that issued the certificate.

  • Thumbprint: A unique hash value that identifies the certificate.

  • Signature Algorithm: The algorithm used to sign this certificate.

  • Alternate DNS Names: Additional or alternate host names (such as sites or common names) that were specified when the certificate was requested.

  • Alternate IP Addresses: Additional or alternate IP addresses that were specified when the certificate was requested.

  • Invalid Before: The certificate is treated as invalid if an attempt is made to use it before this date.

    NOTE: SPP does not perform any certificate validation on the certificates being uploaded. It only attempts to read the properties and store the certificate.

  • Expiration Date: The date and time when the certificate expires and can no longer be used.

    NOTE: SPP does not perform any certificate validation on the certificates being uploaded. It only attempts to read the properties and store the certificate.
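
Because SPP stores an uploaded certificate without validating it, and fulfills a CSR only when the public keys match (see "To add a new certificate"), both conditions can be checked locally before upload. The script below is an added example, not part of the One Identity documentation. It assumes PEM-encoded files, the OpenSSL command line and GNU date; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload checks for a PEM certificate and its CSR.
# Assumes the OpenSSL CLI and GNU date; function names are hypothetical.

# Succeeds when the certificate carries the same public key as the CSR,
# which is the condition the guide gives for fulfilling the CSR.
# Returns 2 if either file cannot be parsed.
cert_matches_csr() {
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# Succeeds when the certificate is already valid (Invalid Before is in the
# past) and will not expire within the next $2 days (default 0).
cert_in_validity_window() {
    margin=$(( ${2:-0} * 86400 ))
    # -checkend exits non-zero if the certificate expires within $margin seconds
    openssl x509 -in "$1" -noout -checkend "$margin" >/dev/null 2>&1 || return 1
    start=$(openssl x509 -in "$1" -noout -startdate 2>/dev/null | cut -d= -f2)
    start_epoch=$(date -d "$start" +%s 2>/dev/null) || return 2
    [ "$start_epoch" -le "$(date +%s)" ]
}

# Usage: precheck.sh CERT.pem CSR.pem [DAYS]
if [ "$#" -ge 2 ]; then
    cert_matches_csr "$1" "$2" || { echo "public key does not match CSR" >&2; exit 1; }
    cert_in_validity_window "$1" "${3:-0}" || { echo "outside validity window" >&2; exit 1; }
    echo "ok: key matches CSR and certificate is within its validity window"
fi
```

Setting DAYS to the value planned for Notify Days Before Expiration rejects a certificate that would trigger the expiration notice as soon as it is stored.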
