Security panel screen details

Security/Edit Security screen details

The Security and Edit Security screens display the following key security information:

  • Whether local logins are enabled or disabled

  • The name of the directory service used, if applicable

  • An optional Login message and acknowledgement requirement

  • Public Key

From this section, you can display the certificate settings and invoke the procedure to acquire the Hewlett Packard Enterprise public key.

Screen component Description
Authentication
Allow Local login

Checkbox displays whether or not users can log in locally to the appliance. Otherwise, logging in requires a directory service for authenticating logins. For more information, see Allow local logins.

Default directory

Menu selection displays either the name of the preferred directory service or Local for local logins.

If no directory service is added, Local is displayed.

See About directory service authentication.

Service console access

Menu selection displays whether or not access to the console (for an authorized support representative) is permitted.

Login
Message

Text field for a custom message displayed in the login screen.

Require acknowledgement

Checkbox displays whether or not users must acknowledge the Message before the fields for the user name and password are displayed.

Directories

Lists the directory services for authenticating logins that are available.

If no directory service is added, No directories is displayed.

For each authentication directory service that is added to the appliance:

Click Add directory to add a directory service.

Hewlett Packard Enterprise Public Key

Click Display Content to display the content of the public key. Use this key to verify the authenticity of updates.

Add/Edit Directory screen details

Screen component Description
Directory

The name of the authentication directory service.

Data type:

Uppercase and lowercase alphanumeric characters and special characters

Example:

Corporate Address List - Region 2

Directory type

The type of authentication directory service, OpenLDAP or Active Directory.

Base DN

The data specifies the starting location that the authentication directory service uses to find users. Enter the domain component or the top of the directory tree so that the user directory can be located:

dc=example,dc=com

Data type:

Uppercase and lowercase alphanumeric characters and special characters.

User naming attribute (OpenLDAP only)

Either UID or CN, as needed.

Organizational unit (OpenLDAP only)

The additional information needed to locate the group in the OpenLDAP structure, starting with the Organizational Unit (OU).

Example:

OU=Engineering

OpenLDAP allows the configuration of multiple user and group OUs.

All the OUs in which the user accounts reside must be explicitly configured, but groups are searched in the subtree.

For example, consider a configuration in which the user accounts are present under:

  • ou=people and

  • ou=admins,ou=people

and groups are present under:

  • ou=groups and

  • ou=IT-groups,ou=groups

To explicitly configure different user and group OUs, the OU entries in this screen would resemble the following:

OU 1: ou=people
OU 2: ou=admins,ou=people
OU 3: ou=groups
OU 4: ou=IT-groups,ou=groups

To perform a subtree search for all the groups under ou=groups, the OU entries in this screen would resemble the following:

OU 1: ou=people
OU 2: ou=admins,ou=people
OU 3: ou=groups

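
The difference between explicitly configured user OUs and subtree-searched group OUs, as an added example that is not part of this documentation or of the appliance's own code: a small in-memory directory of constructed sample entries (the scenario above, under the Base DN example dc=example,dc=com) is searched one level deep for users under each listed OU and as a subtree for groups. The one-level scope for user lookups is an assumption chosen to model "must be explicitly configured"; the entries, the group names operators and netops, and the helper names are constructed for the example.

```python
"""Added example (not the appliance's own code): how explicitly configured
user OUs and subtree-searched group OUs affect what the appliance can find."""
from typing import List, Optional

BASE_DN = "dc=example,dc=com"   # the Base DN example from the page

# Constructed sample directory: the entries the page's scenario describes.
DIRECTORY = [
    "uid=alice,ou=people,dc=example,dc=com",
    "uid=neil,ou=admins,ou=people,dc=example,dc=com",
    "cn=operators,ou=groups,dc=example,dc=com",
    "cn=netops,ou=IT-groups,ou=groups,dc=example,dc=com",
]


def parse_dn(dn: str) -> List[str]:
    """Split a DN into its RDNs, leaf first. Attribute types and values are
    compared case-insensitively here, which is enough for these examples
    (no escaped commas, no multi-valued RDNs)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def in_scope(entry_dn: str, base_dn: str, scope: str) -> bool:
    """True if entry_dn lies below base_dn within the given LDAP scope:
    'one' = direct children only, 'sub' = the whole subtree."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) <= len(base) or entry[-len(base):] != base:
        return False
    return len(entry) == len(base) + 1 if scope == "one" else True


def search(base_dn: str, scope: str) -> List[str]:
    """Return the sample entries that a search with this base and scope sees."""
    return [dn for dn in DIRECTORY if in_scope(dn, base_dn, scope)]


def find_user(naming_attr: str, value: str, ous: List[str]) -> Optional[str]:
    """User lookup: each configured OU is searched one level deep only, so a
    user under ou=admins,ou=people stays invisible unless that OU is listed.
    (One-level scope is the assumption modelling 'must be explicitly
    configured'.) naming_attr is the User naming attribute, uid or cn."""
    wanted = f"{naming_attr}={value}".lower()
    for ou in ous:
        for dn in search(f"{ou},{BASE_DN}", "one"):
            if parse_dn(dn)[0] == wanted:
                return dn
    return None


def find_group(cn: str, ous: List[str]) -> Optional[str]:
    """Group lookup: each configured OU is searched as a subtree, so a group
    under ou=IT-groups,ou=groups is found from ou=groups alone."""
    wanted = f"cn={cn}".lower()
    for ou in ous:
        for dn in search(f"{ou},{BASE_DN}", "sub"):
            if parse_dn(dn)[0] == wanted:
                return dn
    return None


if __name__ == "__main__":
    minimal = ["ou=people", "ou=groups"]
    explicit = ["ou=people", "ou=admins,ou=people", "ou=groups"]
    print("neil with minimal OUs  :", find_user("uid", "neil", minimal))   # None
    print("neil with explicit OUs :", find_user("uid", "neil", explicit))
    print("netops with minimal OUs:", find_group("netops", minimal))      # found via subtree
```

With only ou=people and ou=groups configured, the account under ou=admins,ou=people is never found while the group under ou=IT-groups,ou=groups is; adding ou=admins,ou=people as its own OU entry is what makes the user visible. Checking a login that unexpectedly fails against this model is a quick way to tell a missing user OU from a wrong naming attribute.
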
Add (OpenLDAP only)

Generates an additional Organizational unit field.

User name and Password

The credentials of the authentication directory service administrator account that enable the appliance to log in to the directory server and validate the connection.


NOTE: The user name and password are not saved on the appliance.


For Microsoft Active Directory user name login:

  • The @ character indicates a User Principal Name (UPN) login.

  • The \ character implies a domain\login entry.

If these types of entries do not succeed, the user account is tried in the following order:

  • directory\login. For example, if the directory name is configured as asiapacific and the user account is Neil, then the login asiapacific\Neil would be attempted.


    NOTE: Directory names are not case-sensitive.


  • The user identifier (UID).

  • The common name (CN).

Directory servers

The name of the server that hosts the authentication directory service.

For more information, see Add Directory Server screen.

See also

Add an authentication directory service

Add Directory Server screen details

A directory server is the physical or virtual machine that hosts the authentication directory service.

Screen component Description
IP address or host name

The IP address or host name of the server that hosts the authentication directory service. You must specify this information so that the appliance can access it.

Examples:

192.0.2.0

corpldap.example.com

Port

The LDAPS (LDAP over SSL) port to be used.

The appliance and the authentication directory service use LDAPS when communicating.

Data type:

Numeric characters

Default values:

636 (SSL)

3269 (SSL Global Catalog searches)

Specify certificate

Installing a certificate ensures integrity and authenticity between the appliance and the authentication directory service.

If you leave this check box unchecked, the appliance attempts to fetch the server certificate chain and trusts the topmost certificate (either root CA or intermediate CA) that it can reach.

Selecting this check box reveals the Directory server certificate field in which you can paste an X509 certificate that you copied from the directory service provider.


NOTES:

  • The public key for the directory server certificate must be based on an RSA algorithm. Non-RSA based public keys are not supported.

  • If the directory server host name is served by round-robin DNS (a DNS load-balancing method), you must obtain the certificate for the server using its IP address.

    You can retrieve the IP address for a round robin DNS server with the nslookup command. For example, if the server is regionspecific.cpqcorp.net, retrieve its IP address with the command:

    nslookup regionspecific.cpqcorp.net
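
The two trust modes of the Specify certificate check box and the round-robin DNS note above, as an added example that is not part of this documentation or of the appliance's own code. It uses Python's standard ssl and socket modules: an unset pinned certificate stands for the box left unchecked (this example falls back to the platform CA store; the appliance's own fetch-and-trust-the-topmost-certificate behaviour is not reproduced), a PEM string stands for the box being checked, and a name is resolved to every address it has so that the certificate can be fetched per IP. The function names, the injectable resolver, and the addresses used in the test are constructed for the example.

```python
"""Added example (not the appliance's own code): LDAPS client trust modes and
round-robin DNS handling for the Add Directory Server screen."""
import socket
import ssl
from typing import Callable, List, Optional, Tuple

LDAPS_PORT = 636                  # default LDAPS port from the page
GLOBAL_CATALOG_LDAPS_PORT = 3269  # default for SSL Global Catalog searches


def ldaps_context(pinned_pem: Optional[str] = None) -> ssl.SSLContext:
    """Build the client-side TLS context used to reach the directory server.

    pinned_pem=None models the Specify certificate box left unchecked; here
    that means trusting the platform CA store. A PEM string models the box
    being checked: only the pasted X.509 certificate (or a chain anchored at
    it) is accepted, which removes the dependence on whatever chain the
    server happens to send on first contact.
    """
    if pinned_pem is None:
        ctx = ssl.create_default_context()
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cadata=pinned_pem)  # trust only what was pasted
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # refuse SSL and early TLS
    ctx.verify_mode = ssl.CERT_REQUIRED               # the server must present a cert
    ctx.check_hostname = True                         # and its name must match
    return ctx


def context_summary(ctx: ssl.SSLContext) -> dict:
    """The settings a reviewer cares about, in a form that is easy to assert on."""
    return {
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "check_hostname": bool(ctx.check_hostname),
        "min_tls": ctx.minimum_version.name,
    }


def ldaps_targets(host: str, port: int = LDAPS_PORT,
                  resolver: Callable = socket.getaddrinfo) -> List[Tuple[str, int]]:
    """Return every (ip, port) pair a round-robin DNS name resolves to.

    The page notes that with round-robin DNS the certificate must be fetched
    by IP address; resolving once and keeping the whole list avoids pinning
    only the certificate of whichever address happened to answer first.
    `resolver` follows socket.getaddrinfo's signature and is injectable so
    the function can be exercised offline."""
    seen: List[str] = []
    for _family, _type, _proto, _canon, sockaddr in resolver(host, port, type=socket.SOCK_STREAM):
        ip = sockaddr[0]
        if ip not in seen:
            seen.append(ip)
    return [(ip, port) for ip in seen]


def fetch_server_pem(ip: str, port: int = LDAPS_PORT, timeout: float = 5.0) -> str:
    """Retrieve the certificate the server at one specific address presents,
    so it can be reviewed before being pasted into the Directory server
    certificate field. Needs network access; the connection is not verified
    (this is first contact), so inspect the result before trusting it."""
    return ssl.get_server_certificate((ip, port), timeout=timeout)


if __name__ == "__main__":
    print(context_summary(ldaps_context()))
    # Real resolution (network): ldaps_targets("corpldap.example.com")
```

In the checked-box path the pasted certificate is the only anchor, so a server that rotates to a different chain fails verification until the field is updated; that is the expected failure mode rather than silent acceptance. When the certificate was fetched by IP because of round-robin DNS, remember that check_hostname still compares the name you connect with against the certificate, so connect with the host name and use the IP only to choose which server's certificate to capture.
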




See also

Add an authentication directory service

Certificate screen details

The Certificate screen displays the details of the certificate for the appliance. The certificate is either self-signed or obtained from a certificate authority.

For information on creating a self-signed certificate, see Create a self-signed certificate.

For information on creating a certificate signing request for a certificate authority, see Create a certificate signing request.

For information on importing a certificate, see Import a certificate.

Screen component Description
Certificate

Information about the certificate

Cert common name (CN)

The certificate common name. For a self-signed certificate, this is the fully qualified host name.

Issued by

The issuer of the certificate. For a self-signed certificate, this is the fully qualified host name.

Valid from

The date and time when the certificate became valid.

Valid until

The date and time when the certificate will cease to be valid.

Serial number

The serial number of the certificate

Version

The version number of the certificate

MD5 fingerprint

The public key encoded using the MD5 (Message-Digest Algorithm) cryptographic hash function

SHA1 fingerprint

The public key encoded using the SHA-1 (Secure Hash Algorithm) cryptographic hash function

Required information

Displays the required information that was entered for the certificate

Country (C)

The country where you are located

State or province (ST)

The state or province where you are located

City or locality (L)

The city, town, or village where you are located

Organization name (O)

The name of your organization

Optional information

Displays the optional information that was entered for the certificate. Some fields might be empty.

Organizational unit

The name of your department, for example

Alternative name

The alternative name of the appliance

Contact person

The name of the person to contact

Email address

The email address of the contact person

Surname

The contact person's family name

Given name

The contact person's first name

Initials

The contact person's initials

DN qualifier

The distinguished name qualifier, which further identifies the certificate recipient

Certificate signing request attributes

Displays attributes defined by the certificate authority

Unstructured name

Defined by the certificate authority

Create Certificate Signing Request screen details

Screen component Description
Required information

The certificate authority requires these entries to identify who is applying for the certificate.

Country (C)

The country where you are located

State or province (ST)

The state or province where you are located

City or locality (L)

The city, town, or village where you are located

Organization name (O)

The name of your company or department, for example

Common name (CN)

The fully qualified host name of the appliance

Optional information

These entries are optional.

Organizational unit

The name of your department, for example

Alternative name

The alternative name of the appliance

Contact person

The name of the person to contact

Email address

The email address of the contact person

Surname

The contact person's family name

Given name

The contact person's first name

Initials

The contact person's initials

DN qualifier

The distinguished name qualifier, which further identifies the certificate recipient

Challenge password

The password required by the certificate authority

Confirm password

The challenge password for confirmation

Unstructured name

Defined by the certificate authority

Consult the certificate authority's administrator or documentation for more information.


Create Self-Signed Certificate screen details

Screen component Description
Required information

These entries are required for the certificate.

Country (C)

The country where you are located

State or province (ST)

The state or province where you are located

City or locality (L)

The city, town, or village where you are located

Organization name (O)

The name of your company or department, for example

Common name (CN)

The fully qualified host name of the appliance

Optional information

These entries are optional.

Organizational unit

The name of your department, for example

Alternative name

The alternative name of the appliance

Contact person

The name of the person to contact

Email address

The email address of the contact person

Surname

The contact person's family name

Given name

The contact person's first name

Initials

The contact person's initials

DN qualifier

The distinguished name qualifier, which further identifies the certificate recipient
