Security screen details


This panel displays the following key security information:

  • Whether local logins are enabled or disabled

  • The name of the directory service used, if applicable

  • The common name specified in the SSL certificate

  • The SSL certificate’s expiration date

From this section, you can display the certificate settings and invoke the procedure to acquire the HP public key.

Screen component Description
Authentication
Name Description
Local login

Displays whether or not users can log in locally to the appliance. Otherwise, logging in requires a directory service for authenticating logins.

Default directory

Displays either the name of the preferred directory service or Local for local logins.

If no directory service is added, Local is displayed.

See About directory service authentication.

Directories

Lists the directory services for authenticating logins that are available.

If no directory service is added, No directories is displayed.

For each authentication directory service that is added to the appliance:

Click Add directory to add a directory service.

Certificate

Displays the settings of the SSL certificate. For more information, see Certificate screen details.

HP Public Key

Click Display Content to display the content of the HP public key.

Add Directory screen details

Screen component Description
Directory

Enter the name of the authentication directory service.

Data type:

Uppercase and lowercase alphanumeric characters and special characters

Required:

Yes

Example:

Corporate Address List - Region 2

Directory type

Select the type of authentication directory service.

Search context

The authentication directory service provider determines the combination of attributes required to construct directory bind operations.

Usually, these components comprise the distinguished name (DN), which is constructed internally using your entries in the search context fields and the user name specified in the screen.

Typically, the distinguished name is defined by the following:

  1. CN (common name) or UID (user identifier)

    Usually, the CN attribute identifies the user or group.

  2. OU (organizational unit)

  3. DC (domain component)

The data specifies the starting location that the authentication directory service uses to find users.

Example: Active Directory

For a single search context where the user and a group reside in CN=Users in Active Directory and the DN is: CN=Administrator, CN=Users, DC=examplecorp, DC=com, enter it as follows:

First text box: CN
Second text box: CN=Users
Third text box: DC=example, DC=com

Example: OpenLDAP

For a single search context where the user resides in the container OU=Users and a group resides in the container OU=Groups in OpenLDAP and the DN is: CN=Administrator, OU=Users, DC=examplecorp, DC=com, enter it as follows:

First text box: CN
Second text box: OU=Users
Third text box: DC=example, DC=com
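The two examples above show how the three search-context boxes and the user name are joined into one bind DN. The following added example (not the appliance's own code) assembles that DN for both the Active Directory and the OpenLDAP layout, and escapes the user name per RFC 4514 so that a name containing a comma or other DN-special character stays a single attribute value instead of being parsed as extra DN components.

```python
import re

# Characters that must be backslash-escaped inside an RDN attribute value (RFC 4514).
_SPECIAL = {'"', "+", ",", ";", "<", ">", "\\"}


def escape_rdn_value(value: str) -> str:
    """Escape a user-supplied string so it is exactly one RDN attribute value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")              # NUL is only representable in hex form
        elif ch in _SPECIAL:
            out.append("\\" + ch)           # e.g. "," -> "\,"
        elif ch == " " and i in (0, last):
            out.append("\\ ")               # leading or trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")               # leading hash
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(user_name: str, attr: str, user_container: str, base: str) -> str:
    """Join first box (CN or UID), user name, second box and third box into a DN.

    user_container and base are taken verbatim from the screen; only the
    whitespace around commas ("DC=example, DC=com") is normalised."""
    if attr.upper() not in ("CN", "UID"):
        raise ValueError("first text box must be CN or UID")
    parts = [f"{attr}={escape_rdn_value(user_name)}"]
    for component in (user_container, base):
        parts.append(re.sub(r"\s*,\s*", ",", component.strip()))
    return ",".join(parts)


if __name__ == "__main__":
    # Active Directory layout from the example above
    print(build_bind_dn("Administrator", "CN", "CN=Users", "DC=example, DC=com"))
    # OpenLDAP layout from the example above
    print(build_bind_dn("Administrator", "CN", "OU=Users", "DC=example, DC=com"))
    # A display name with a comma (constructed input) is kept as one RDN value
    print(build_bind_dn("Smith, John", "CN", "CN=Users", "DC=example, DC=com"))
```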


IMPORTANT: For more information about LDAP and Active Directory configuration, see the HP CloudSystem Administrator Guide at Enterprise Information Library.


User name and Password

Enter the credentials of the authentication directory service administrator account to enable the appliance to log in to the directory server and validate the connection.

Directory server

The name of the server that hosts the authentication directory service.

Select Add a directory server to open the Add Directory Server screen.

Add Directory server screen details

A directory server is the physical or virtual machine that hosts the authentication directory service.

Screen component Description
IP address or host name

The IP address or host name of the server that hosts the authentication directory service. You need to specify this information so that the appliance can access it.

Examples:

192.0.2.0

corpldap.example.com

Directory server port

The LDAPS (LDAP over SSL) port to be used.

The appliance and the authentication directory service use LDAPS protocol when communicating.

Data type:

Numeric characters

Default value:

636

Directory server certificate

Installing a certificate ensures integrity and authenticity between the appliance and the authentication directory service.

Obtain an X.509 certificate for the server from the authentication directory service provider, copy it, and paste it into this box. The certificate ensures the integrity of communication between the appliance and the authentication directory service.

Use the following command to obtain the directory server certificate:

openssl s_client -host directory-server-host -port 636



NOTE: If directory-server-host is a DNS name that resolves through a load-balancing method, also referred to as round robin DNS, the name can point to a different server on each lookup. In that case, retrieve the certificate from the server using its IP address instead of the name.

You can find the IP address behind a round robin DNS name with the nslookup command. For example, if the server is regionspecific.cpqcorp.net, retrieve its IP address with the command:

nslookup regionspecific.cpqcorp.net
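For the round robin case in the note above, each address behind the name can present a different certificate, so the certificate has to be collected per address. The following added example (standard-library Python, not the appliance's own tooling) resolves every address of the directory server, fetches the certificate presented on port 636 at each one, and prints the PEM text for the Directory server certificate box together with the MD5 and SHA-1 fingerprints computed over the DER-encoded certificate (the values openssl x509 -fingerprint reports), so the pasted certificate can be checked against the one shown on the Certificate screen.

```python
import hashlib
import socket
import ssl
import sys


def resolve_all(host: str, port: int = 636) -> list:
    """Every IPv4/IPv6 address behind the name: one for a plain host, several for round robin."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def fingerprint(der: bytes, algo: str) -> str:
    """Colon-separated upper-case hex digest of the DER-encoded certificate."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_server_cert(ip: str, server_name: str, port: int = 636, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate (DER) presented on ip:port.

    Verification is disabled on purpose: this server is not trusted yet, we are
    collecting the certificate that the appliance will afterwards be told to trust.
    The host name is still sent as SNI so a multi-name server returns the right one."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            return tls.getpeercert(binary_form=True)


def collect(host: str, port: int = 636) -> dict:
    """Map each resolved address to its PEM certificate and fingerprints."""
    result = {}
    for ip in resolve_all(host, port):
        der = fetch_server_cert(ip, host, port)
        result[ip] = {
            "pem": ssl.DER_cert_to_PEM_cert(der),
            "md5": fingerprint(der, "md5"),
            "sha1": fingerprint(der, "sha1"),
        }
    return result


if __name__ == "__main__":
    # usage: python fetch_ldaps_cert.py directory-server-host [port]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    for ip, info in collect(sys.argv[1], port).items():
        print(f"# {ip}\n#   MD5  {info['md5']}\n#   SHA1 {info['sha1']}\n{info['pem']}")
```

If two addresses print different fingerprints, each server needs its own certificate entry, because the appliance validates whichever server answers the LDAPS connection.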


Certificate screen details

The Certificate screen displays the details of the certificate for the appliance. The certificate is either self-signed or obtained from a certificate authority.

Screen component Description
Certificate

Information about the certificate

Name Description

Cert common name (CN)

The certificate common name. For a self-signed certificate, this is the fully qualified host name.

Issued by

The issuer of the certificate. For a self-signed certificate, this is the fully qualified host name.

Valid from

The date and time when the certificate became valid.

Valid until

The date and time when the certificate will cease to be valid.

Serial number

The serial number of the certificate

Version

The version number of the certificate

MD5 fingerprint

The public key encoded using the MD5 (Message-Digest Algorithm) cryptographic hash function

SHA1 fingerprint

The public key encoded using the SHA-1 (Secure Hash Algorithm) cryptographic hash function

Required information

Displays the required information that was entered for the certificate

Name Description

Country (C)

The country where you are located

State or province (ST)

The state or province where you are located

City or locality (L)

The city, town, or village where you are located

Organization name (O)

The name of your organization

Optional information

Displays the optional information that was entered for the certificate. Some fields might be empty.

Name Description

Organizational unit

For example, the name of your department

Alternative name

The alternative name of the appliance

Contact person

The name of the person to contact

Email address

The email address of the contact person

Surname

The contact person's family name

Given name

The contact person's first name

Initials

The contact person's initials

DN qualifier

The distinguished name qualifier, which further identifies the certificate recipient

Certificate signing request attributes

Displays attributes defined by the certificate authority

Name Description

Unstructured name

Defined by the certificate authority
