Safeguard for Privileged Passwords enables an Appliance Administrator to upload SSL certificates with private keys or enroll SSL certificates via a CSR.
Initially, the default self-signed SSL certificate used for HTTPS is listed and assigned to the appliance. This default certificate is not a trusted certificate and should be replaced.
Navigate to Administrative Tools | Settings | Certificates | SSL Certificates. The SSL Certificates pane displays the following information for the SSL certificates stored in the database.
Property | Description |
---|---|
Appliances | Lists the name of the appliance to which the certificate is assigned. |
Subject | The name of the subject (such as user, program, computer, service or other entity) assigned to the certificate when it was requested. |
Alternate DNS Names | Additional or alternate host names (such as IP addresses, sites, common names) that were specified when the certificate was requested. For the default self-signed SSL certificate, the name and IP address of the appliance are used. |
Invalid Before | A "start" date and time that must be met before a certificate can be used. |
Expiration Date | The date and time when the certificate expires and can no longer be used. |
Thumbprint | A unique hash value that identifies the certificate. |
Issued By | The name of the certificate authority (CA) that issued the certificate. |
Use these toolbar buttons to manage SSL certificates.
Option | Description |
---|---|
Upload an SSL certificate. | |
Create a CSR to enroll a certificate. For more information, see Creating a Certificate Signing Request. | |
Assign the selected certificate to one or more appliances. For more information, see Assigning a certificate to appliances. | |
Unassign the selected certificate from one or more appliances. | |
Delete the selected certificate from Safeguard for Privileged Passwords. | |
Update the list of SSL certificates available (uploaded to Safeguard for Privileged Passwords). |
After the certificate has been uploaded, assign the certificate to one or more appliances. For more information, see Assigning a certificate to appliances.
You may also upload the certificate's root CA to the list of trusted certificates. For more information, see Trusted Certificates.
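A pre-upload check for a certificate and private key obtained outside the appliance, as an added example (not One Identity tooling): it uses the OpenSSL command line to confirm that the key matches the certificate, that the expected host name is among the alternate DNS names, whether the certificate is self-signed, and that it is not about to expire. The host name `sps1.example.test`, the file names and the 30-day threshold are assumptions; `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example: sanity checks on a PEM certificate and key before upload.
# Assumes an unencrypted PEM private key; names below are constructed.

# 0 if the certificate and the private key carry the same public key.
key_matches_cert() {            # usage: key_matches_cert CERT KEY
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$from_cert" = "$from_key" ]
}

# 0 if HOST appears as a DNS entry in the certificate's subjectAltName.
has_dns_name() {                # usage: has_dns_name CERT HOST
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# 0 if subject equals issuer, the usual sign of a self-signed certificate.
is_self_signed() {              # usage: is_self_signed CERT
  local s i
  s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 2
  i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
  [ "${s#*=}" = "${i#*=}" ]
}

# 0 if the certificate will still be unexpired DAYS days from now.
valid_for_days() {              # usage: valid_for_days CERT DAYS
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample: throwaway self-signed pair (2048-bit only for speed).
make_sample() {                 # usage: make_sample DIR CN DAYS
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
    -addext "subjectAltName=DNS:$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

demo() {                        # run every check against the sample pair
  local d c k; d=$(mktemp -d) || return 1
  make_sample "$d" sps1.example.test 90 || { rm -rf "$d"; return 1; }
  c="$d/sps1.example.test.pem"; k="$d/sps1.example.test.key"
  key_matches_cert "$c" "$k" && echo "OK   key matches certificate"
  has_dns_name "$c" sps1.example.test && echo "OK   SAN lists the host name"
  is_self_signed "$c" && echo "WARN self-signed, clients will not trust it"
  valid_for_days "$c" 30 && echo "OK   valid for at least 30 more days"
  rm -rf "$d"
}
demo
```

For a real upload, call the four check functions on the actual certificate and key files instead of running `demo`.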
A certificate signing request (CSR) is submitted to a Certificate Authority (CA) to obtain a digitally signed certificate. When creating a CSR, you uniquely identify the user or entity that will use the requested certificate. Safeguard for Privileged Passwords allows you to upload or enroll SSL certificates using CSRs. Once uploaded or enrolled, the SSL certificate is added to the SSL certificate store allowing you to assign it to one or more Safeguard for Privileged Passwords Appliances.
Subject (Distinguished Name): Enter the distinguished name of the person or entity to whom the certificate is being issued. Maximum length of 500 characters.
Note: Click Use Distinguished Name Creator to create the distinguished name based on fully-qualified domain name, department, organization unit, locality, state/county/region, and country.
Key Size: Select the bit length of the private key pair:
4096
NOTE: The bit length determines the security level of the SSL certificate. A higher bit length means stronger security.
Click OK to save your selections and enroll the certificate.
Certificates enrolled via CSR are listed in the SSL Certificates pane and the Certificate Signing Request pane.
Safeguard for Privileged Passwords supports an SSL certificate store that is owned by the cluster. This allows you to assign any SSL certificate that you have previously uploaded or enrolled via CSR to any appliance in your clustered environment.
To assign a certificate to appliances