立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 6.0.6 LTS - Administration Guide

Introduction System requirements and versions Using API and PowerShell tools Using the virtual appliance and web management console Cloud deployment considerations Setting up Safeguard for Privileged Passwords for the first time Using the web client Getting started with the desktop client Using the desktop client Search box Privileged access requests Toolbox Accounts Account Groups Assets Asset Groups Discovery Entitlements Partitions Settings
Access Request settings Appliance settings Asset Management settings Backup and Retention settings Certificate settings Cluster settings External Integration settings Messaging settings Profile settings Safeguard Access settings
Users User Groups Disaster recovery and clusters Administrator permissions Preparing systems for management Troubleshooting Frequently asked questions Appendix A: Safeguard ports Appendix B: SPP 2.7 or later migration guidance Appendix C: SPP and SPS join guidance Appendix D: Regular Expressions SPP glossary

Creating a Certificate Signing Request (CSR)

A certificate signing request (CSR) is submitted to a Certificate Authority (CA) to obtain a digitally signed certificate. When creating a CSR, you uniquely identify the user or entity that will use the requested certificate. Safeguard for Privileged Passwords allows you to upload or enroll SSL certificates using CSRs. Once uploaded or enrolled, the SSL certificate is added to the SSL certificate store allowing you to assign it to one or more Safeguard for Privileged Passwords Appliances.

To create a CSR for SSL

  1. Navigate to Administrative Tools | Settings | Certificates | SSL Certificates.
  2. Click Add Certificate and select Create Certificate Signing Request (CSR).
  3. In the Certificate Signing Request dialog, enter the following information:
    1. Subject (Distinguished Name): Enter the distinguished name of the person or entity to whom the certificate is being issued. Maximum length of 500 characters.

      Note: Click Use Distinguished Name Creator to create the distinguished name based on fully-qualified domain name, department, organization unit, locality, state/county/region, and country.

    2. Alternate DNS Names: Optionally, enter additional host names (such as, IP addresses, sites, common names) that are to be protected by this certificate.
    3. Key Size: Select the bit length of the private key pair:

      • 1024
      • 2048 (default)
      • 4096

      NOTE: The bit length determines the security level of the SSL certificate. A higher bit length means stronger security.

  4. Click OK to save your selections and enroll the certificate.

    Certificates enrolled via CSR are listed in the SSL Certificates pane and the Certificate Signing Request pane.

Assigning a certificate to appliances

Safeguard for Privileged Passwords supports an SSL certificate store that is owned by the cluster. This allows you to assign any SSL certificate that you have previously uploaded or enrolled via CSR to any appliance in your clustered environment.

To assign a certificate to appliances

  1. Navigate to Administrative Tools | Settings | Certificates | SSL Certificates.
  2. Select a certificate from the grid and click the Assign Certificate to Appliance(s) toolbar button.
  3. In the Appliances selection dialog, select one or more appliances and click OK to save your selection.

Trusted Certificates

It is the responsibility of the Appliance Administrator to add or remove trusted root certificates to the Safeguard for Privileged Passwords Appliance, if necessary, in order for the SSL certificate to resolve the chain of authority. When Safeguard for Privileged Passwords connects to an asset that has the Verify SSL Certificate option enabled, Safeguard for Privileged Passwords compares the signing authority of the certificate presented by the asset to the certificates in the trusted certificate store.

Navigate to Administrative Tools | Settings | Certificates | Trusted Certificates. The Trusted Certificates pane displays the following information for the user-supplied certificates added to the trusted certificate store.

Table 139: Trusted certificates: Properties
Property Description
Subject The name of the subject (such as user, program, computer, service or other entity) assigned to the certificate when it was requested.
Invalid Before A "start" date and time that must be met before a certificate can be used.
Expiration Date The date and time when the certificate expires and can no longer be used.
Thumbprint A unique hash value that identifies the certificate.
Issued By The name of the certificate authority (CA) that issued the certificate.

Adding a trusted certificate

Prior to adding an asset that uses SSL server certificate validation, add the certificate's root CA and any intermediate CAs to the Trusted Certificates store in Safeguard for Privileged Passwords.

To add a trusted certificate

  1. Navigate to Administrative Tools | Settings | Certificates | Trusted Certificates.
  2. Click  Add Certificate from the details toolbar.

  3. Browse to select a certificate file (DER Encoded file: .cer or .der).
  4. Click Open to add the selected certificate file to Safeguard for Privileged Passwords.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级