Safeguard for Privileged Passwords allows you to store backup files on an external archive server.
To archive a backup file
In the Archive Servers selection dialog, choose an archive server.
NOTE: You can add an archive server from the Archive Servers selection dialog by clicking the Add Archive Server toolbar button.
Safeguard for Privileged Passwords copies the backup file to the archive server.
To configure the appliance backup retention settings
Once Safeguard for Privileged Passwords saves the maximum number of backup files, next time it performs a backup, it deletes the backup file with the oldest date.
Use the Certificate settings to manage the certificates used to secure One Identity Safeguard for Privileged Passwords. The panes on this page display default certificates that can be replaced or user-supplied certificates that have been added to Safeguard for Privileged Passwords.
Navigate to Administrative Tools | Settings | Certificates.
Where you manage the audit log signing certificate used to validate audit logs stored on an archive server.
|Certificate Signing Request||Where you can view and manage certificate signing requests (CSRs)|
|Sessions Certificates||Where you manage session certificates, including installing session certificates or creating CSRs to enroll a sessions certificate. If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, assigning the certificate is handled via Safeguard for Privileged Sessions.|
|SSL Certificates||Where you manage SSL certificates, including installing SSL certificates or creating CSRs to enroll a public SSL certificate.|
|Trusted Certificates||Where you add and manage certificates trusted by Safeguard for Privileged Passwords, for example your company's root Certificate Authority (CA) certificate.|
One Identity Safeguard for Privileged Passwords ships with the following default certificates which are meant to be replaced:
A self-signed SSL certificate for HTTPS.
The name of the SSL certificate matches the hostname of the Safeguard for Privileged Passwords Appliance and uses the appliance's default IP addresses as the Subject Alternative Name (SAN).
A self-signed Certificate Authority (CA) certificate used by the Privileged Sessions module that generates server SSL certificates on-the-fly to secure RDP connections when an RDP session is initiated using Safeguard for Privileged Passwords. The "requester" must accept the certificate in order to launch a remote desktop session.
Safeguard for Privileged Passwords allows you to specify the security certificates to be used. When replacing or adding certificates, keep the following considerations in mind: