Retina CS: Using Strong Certificates




Documentation
Retina CS: Using Strong Certificates
November 2012

www.beyondtrust.com
BeyondTrust
2173 Salk Avenue
Carlsbad, California 92008
Phone: +1 818-575-4000

© 2012 BeyondTrust. All Rights Reserved.

Warranty
This document is supplied on an "as is" basis with no warranty and no support. This document contains information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated to another language without the prior written consent of BeyondTrust.

Limitations of Liability
In no event shall BeyondTrust be liable for errors contained herein or for any direct, indirect, special, incidental or consequential damages (including lost profit or lost data) whether based on warranty, contract, tort, or any other legal theory in connection with the furnishing, performance, or use of this material. The information contained in this document is subject to change without notice. No trademark, copyright, or patent licenses are expressly or implicitly granted (herein) with this white paper. For the latest updates to this document, please visit: http://www.beyondtrust.com

Disclaimer
All brand names and product names used in this document are trademarks, registered trademarks, or trade names of their respective holders. BeyondTrust is not associated with any other vendors or products mentioned in this document.

Using Strong Certificates. © 2012 BeyondTrust Software, Inc.

Table of Contents

Introduction
Requirements
Configure the Registry
Remove Existing Certificates
Generate a Strong Certificate
Generate new SSL certificate for IIS
Updating SSRS
Import the Certificates
About BeyondTrust Software

Introduction

To apply strong certificates in Retina CS (or REM), run through the procedures in this guide:

- Configure the Registry (Retina CS or REM host)
- Remove Existing Certificates (Retina CS or REM host)
- Generate a Strong Certificate (Retina CS or REM host)
- Generate a new SSL Certificate for IIS
- Import the Certificates (target computers)

Requirements

Ensure the following requirements are met before proceeding:

- Windows XP targets need Service Pack 3 installed.
- Windows 2003 Server needs Microsoft KB938397 applied.
- If you are using REM 1505 appliances, ensure the KB is applied.

Configure the Registry

Configure the registry for generating 1024-bit or 2048-bit certificates. By default, certificates are generated with a 512-bit public key.

1. Run the regedit tool.
2. Go to LOCAL_MACHINE\Software\eEye\EMS for 32-bit systems or LOCAL_MACHINE\Software\Wow6432Node\eEye\EMS for 64-bit systems.
3. Create a DWORD (32-bit) value named UseStrongCerts.
4. Set UseStrongCerts to:
   1 for 1024-bit certs
   2 for 2048-bit certs

Remove Existing Certificates

Remove old certificates (eeyeemsclient, eeyeemsserver, eeyeemsca) from the certificate store.

1. Run the mmc tool.
2. Go to File->Add/Remove Snap-in.
3. Add the Certificates Snap-in using Computer account on the Local Computer.
4. Remove client and server certificates from the Personal store.
5. Remove the eeyeemsca certificate from Trusted Root Certification Authorities.

Generate a Strong Certificate

1. Start the Retina CS Configuration Tool.
2. Click the Certificate management link and generate a client certificate.
   Note: The password must be the same password that you use for Central Policy.
3. Click OK.
4. Confirm the certificate is created in the Certificate Manager snap-in.

The Public key should be RSA (2048 Bits) or RSA (1024 Bits).

Generate new SSL certificate for IIS

You can generate a new SSL certificate for IIS using the Retina CS Configuration Tool. Clients with the patch will not be able to view the Retina CS website if IIS is bound with an SSL certificate with a key length of less than 1024 bits.

Note: If you are using an SSL certificate for IIS that was signed by a third-party source (such as Thawte or VeriSign) and that certificate has a key length of less than 1024 bits, then you need to obtain a new certificate from your third-party source.

1. Run the Retina CS Configuration Tool (Start Menu->eEye Digital Security->Retina CS).
2. Select Certificate Management.
3. Select SSL certificate from the list, and then click OK.
4. The client certificate will then need to be exported and re-imported on each agent.

Updating SSRS

Use this procedure if SSRS is on the same server as Retina CS and you are not using a custom SSL certificate. UVM20 and UVM50 would apply.

1. Run the Reporting Services Configuration Manager.
2. Select Web service URL.
3. In the Report Server Web Service Site identification section, change the SSL certificate dropdown so that the SSL certificate that matches your machine name is selected.
4. Press the Apply button.

Import the Certificates

Note: The client certificate is copied to the following directory on the Retina CS server:
C:\Program Files (x86)\common Files\eEye Digital Security\Shared Services Host\Certificates

Run the following procedure on the target (client) computer.

1. Copy the EmsClientCert.pfx from the server to the target computer.
2. Delete any existing certificates (like you did on the server).
3. Run the REM Client Configuration tool (Start Menu->eEye Digital Security->Tools).
4. Import the EmsClientCert.pfx certificate using the Client Configuration Tool (if the events were configured before, go to the Certificates tab; if not, then run the wizard).

To verify that the certificate was imported correctly and the communication works, click the Test Connection button on the Receiver Tab.

Alternatively, you can remotely deploy certificates to multiple targets if you are running Blink (PowerBroker for Endpoint Protection Platform). Run the script eeyescript-updaterem.vbs located in the <BlinkDir>\Scripts directory. See KB000945 - http://www.eeye.com/support/knowledge-base/article.aspx?id=kb000945.
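An added PowerShell example (not part of the BeyondTrust guide) for checking the result of the procedure on a Retina CS host or a target: it reads UseStrongCerts and lists RSA key lengths in the Local Computer Personal and Trusted Root stores, flagging keys under 1024 bits. It assumes Windows PowerShell 5.1 or later, that LOCAL_MACHINE in the guide means the HKEY_LOCAL_MACHINE hive, and that the eEye certificate names appear in the certificate subject; the function names are hypothetical.

```powershell
# Added example, not BeyondTrust code. Read-only: it changes nothing on the system.
# Assumptions: PowerShell 5.1+, LOCAL_MACHINE in the guide = HKLM,
# eEye certificate names (eeyeemsclient/server/ca) appear in the Subject.
$MinBits = 1024   # minimum key length the guide accepts

function Get-StrongCertSetting {
    # The 32-bit and 64-bit (Wow6432Node) key locations named in the guide.
    $paths = 'HKLM:\Software\eEye\EMS', 'HKLM:\Software\Wow6432Node\eEye\EMS'
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name UseStrongCerts -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            # 1 and 2 are the only values the guide documents.
            $bits = switch ($item.UseStrongCerts) { 1 { 1024 } 2 { 2048 } default { $null } }
            return [pscustomobject]@{ Path = $path; Value = $item.UseStrongCerts; KeyBits = $bits }
        }
    }
    # Value absent: per the guide, certificates default to 512-bit keys.
    [pscustomobject]@{ Path = $null; Value = $null; KeyBits = 512 }
}

function Get-CertKeyReport {
    param([string[]]$Store = @('Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root'))
    foreach ($s in $Store) {
        foreach ($cert in Get-ChildItem -Path $s) {
            $isEeye = $cert.Subject -match 'eeyeems(client|server|ca)'
            # Personal store: report every certificate (this covers the IIS SSL
            # certificate); Trusted Root store: report only the eEye CA.
            if ($s -like '*\Root' -and -not $isEeye) { continue }
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            if ($null -eq $rsa) { continue }   # skip non-RSA keys
            [pscustomobject]@{
                Store      = $s
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                KeyBits    = $rsa.KeySize
                Weak       = ($rsa.KeySize -lt $MinBits)
            }
        }
    }
}

Get-StrongCertSetting | Format-List
Get-CertKeyReport | Sort-Object KeyBits | Format-Table -AutoSize
```

Run it from an elevated prompt; any row with Weak = True is a certificate that still has a key shorter than 1024 bits and should be removed and regenerated as described above.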

About BeyondTrust Software

BeyondTrust is the global leader in securing the perimeter within to mitigate internal threat and the misuse of privileges. BeyondTrust offers consistent policy-driven, role-based access control, monitoring, logging, and reporting to protect internal assets from the inside out. The company's products empower IT governance to strengthen security, improve productivity, drive compliance, and reduce expense across physical, virtual, public, private, and hybrid cloud environments.

With more than 25 years of global success, BeyondTrust is the pioneer of Privileged Identity Management (PIM) solutions for heterogeneous IT environments. More than half of the companies listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers include eight of the world's 10 largest banks, seven of the world's 10 largest aerospace and defense firms, and six of the 10 largest U.S. pharmaceutical companies, as well as renowned universities.

The company is privately held, and headquartered in Carlsbad, California, with offices in the greater Los Angeles area, greater Boston area, Washington DC, as well as EMEA offices in London, UK. For more information, visit beyondtrust.com.