HPE IMC UAM Certificate Installation Guide

Similar documents
etoken Enterprise For: SSL SSL with etoken

Configuring a Windows 2003 Server for IAS

ECA IIS Instructions. January 2005

Setting up VMware ESXi for 2X VirtualDesktopServer Manual

Configuring Windows 7 to Use Encrypted (WPA-E) Wireless Services a...

Automatic Setup... 1 Manual Setup... 2 Installing the Wireless Certificates... 18

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

Step-by-step installation guide for monitoring untrusted servers using Operations Manager (Part 1 of 3)

Using Internet or Windows Explorer to Upload Your Site

Internet Explorer 7 for Windows XP: Obtaining MIT Certificates

Microsoft OCS with IPC-R: SIP (M)TLS Trunking. directpacket Product Supplement

CruzNet Secure Set-Up Instructions for Windows Vista

Client Authenticated SSL Server Setup Guide for Microsoft Windows IIS

Using Microsoft Expression Web to Upload Your Site

IMPORTING AND EXPORTING CERTIFICATES IN IE AND FIREFOX FOR BPIA AND PRACS

NovaBACKUP xsp Version 12.2 Upgrade Guide

CWOPA Broadband Users. Windows Operating System

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

APNS Certificate generating and installation

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Installing LearningBay Enterprise Part 2

How to Access Coast Wi-Fi

Installing the Microsoft Network Driver Interface

Dial-up Installation for CWOPA Users (Windows Operating System)

Instructions: Configuring Outlook 2003 with Exchange 2010 on the FIUMail

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Wireless Network Configuration Guide

Active Directory integration with CloudByte ElastiStor

Secure Agent Quick Start for Windows

Integration with Active Directory

Wavecrest Certificate

Configuring WPA-Enterprise/WPA2 with Microsoft RADIUS Authentication

NovaBACKUP xsp Version 15.0 Upgrade Guide

Setting up Citrix XenServer for 2X VirtualDesktopServer Manual

Microsoft Exchange 2010 and 2007

Using etoken for Securing s Using Outlook and Outlook Express

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

Installation Guides - Information required for connection to the Goldfields Institute s (GIT) Wireless Network

Defender Token Deployment System Quick Start Guide

PaperStream Connect. Setup Guide. Version Copyright Fujitsu

Installing Exchange and Extending the Active Directory Schema for Cisco Unity 8.x

Junio SSL WebLogic Oracle. Guía de Instalación. Junio, SSL WebLogic Oracle Guía de Instalación CONFIDENCIAL Página 1 de 19

Airnet-Student is a new and improved wireless network that is being made available to all Staffordshire University students.

FTP Server Configuration

WHITE PAPER Citrix Secure Gateway Startup Guide

How to connect to the diamonds wireless network with Vista.

Windows Live Mail Setup Guide

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

Entrust Managed Services PKI

Creating and Installing a Self Signed Certificate for PEAP/EAP-TLS Authentication

Setting up a VPN connection Windows XP

Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions

DMZ Server monitoring with

Massey University Wireless Network Client Configuration Windows 7

How to connect to VUWiFi

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

Setting up Hyper-V for 2X VirtualDesktopServer Manual

JAVS Scheduled Publishing. Installation/Configuration... 4 Manual Operation... 6 Automating Scheduled Publishing... 7 Windows XP... 7 Windows 7...

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

Account Create for Outlook Express

HP Device Manager 4.7

Census. di Monitoring Installation User s Guide

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

Instructions for Configuring a SAS Metadata Server for Use with JMP Clinical

SECURE USER GUIDE OUTLOOK 2000

Windows Vista: Connecting to the wireless network at Hood College

How to install and use the File Sharing Outlook Plugin

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Moving a database from MS Access to MS SQL server. Introduction. Selecting the database. Creating a Data Source

Avaya Modular Messaging Microsoft Outlook Client Release 5.2

STATISTICA VERSION 10 STATISTICA ENTERPRISE SERVER INSTALLATION INSTRUCTIONS

eadvantage Certificate Enrollment Procedures

YubiKey PIV Deployment Guide

X.509 Certificate Generator User Manual

MultiSite Manager. Setup Guide

2. Unzip the file using a program that supports long filenames, such as WinZip. Do not use DOS.

MANUFACTURER RamSoft Incorporated 243 College St, Suite 100 Toronto, ON M5T 1R5 CANADA

Secure IIS Web Server with SSL

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority

NAS 206 Using NAS with Windows Active Directory

Windows 8 & RT Wireless Configuration For NCC Student Owned Laptops

Backing up IMail Server using Altaro Backup FS

EID/ERESIDENCE CARD MIDDLEWARE

FTP, IIS, and Firewall Reference and Troubleshooting

Configuring Eduroam in Windows Vista

SELF SERVICE RESET PASSWORD MANAGEMENT DATABASE REPLICATION GUIDE

Extension Wireless Access (EWA) v2.0

Setting Up SSL on IIS6 for MEGA Advisor

NTP Software File Auditor for Windows Edition

Quest Soft Token for Windows Mobile User Guide

Install MS SQL Server 2012 Express Edition

Shellfire L2TP-IPSec Setup Windows XP

Preface. Microsoft Office Sharepoint Server 2007 Integration Guide SafeNet, Inc. All rights reserved. Part Number: (Rev A, 06/2009)

Guide to Setup using Microsoft Outlook Express

Backing Up and Restoring Microsoft Exchange Server Cloud Attached Storage. August 2012 Version 3.2

Using Microsoft s CA Server with SonicWALL Devices

How do I set up a branch office VPN tunnel with the Management Server?

Defender EAP Agent Installation and Configuration Guide

Certificate Management for your ICE Server

Transcription:

HPE IMC UAM Certificate Installation Guide Part Number: 5200-1379 Document version: 2 The information in this document is subject to change without notice. Copyright 2016 Hewlett Packard Enterprise Development LP

Contents Introduction 1 Installing certificates on UAM 1 Downloading a root certificate 1 Requesting and installing a server certificate 2 Exporting a server certificate from Windows 4 Importing root and server certificates to UAM 9 Importing root and server certificates to UAM 7.0 (E0103) or earlier 9 Importing root and server certificates to UAM 7.0 (E0201) or later 11 Installing certificates on a client 13 Installing a root certificate 13 Requesting and installing a client certificate 14 i

Introduction This document provides the following certificate installation processes: Installing a root certificate and a server certificate in UAM. Installing a root certificate and a client certificate on a client. UAM supports certificate-based authentication on clients attempting to access the network. For a client to pass certificate-based authentication on UAM, you must first install the appropriate certificates on the client and UAM. The certificates required on the client and in UAM vary with the authentication scenario and authentication method, as shown in Table 1. Table 1 Certificates required on a client and UAM Authentication scenario Authentication method Certificates required on the client Certificates required in UAM User certificate authentication EAP-TLS EAP-TTLS EAP-PEAP Root certificate User certificate Root certificate Root certificate Server certificate Machine certificate authentication EAP-TLS Root certificate Machine certificate NOTE: Both the user certificate and machine certificate are client-side certificates that can be used to authenticate a client to UAM. User and machine certificates include the following differences: A user certificate uses the account name of an access user in UAM as the certificate name. A machine certificate uses the full name of a computer as the certificate name. Installing certificates on UAM In order for UAM to perform certificate-based authentication on users, perform the following tasks on the host where UAM is deployed: 1. Download a root certificate from the CA server and save it locally. 2. Request a server certificate and install the server certificate on the operating system of the host, and then export the certificate to a file. This example uses Windows. 3. Import the root certificate and server certificate to UAM. Downloading a root certificate 1. In Microsoft Internet Explorer, enter http://192.168.1.103/certsrv in the address bar. The Microsoft Active Directory Certificate Services page opens, as shown in Figure 1. In this example, 192.168.1.103 is the IP address of the CA server. 1

Figure 1 Microsoft Active Directory Certificate Services 2. Click Download a CA certificate, certificate chain, or CRL, as shown in Figure 2. Figure 2 Downloading a CA certificate 3. Click Download CA certificate to save the root certificate locally. Requesting and installing a server certificate 1. In Microsoft Internet Explorer, enter http://192.168.1.103/certsrv in the address bar. The Microsoft Active Directory Certificate Services page opens, as shown in Figure 3. In this example, 192.168.1.103 is the IP address of the CA server. 2

Figure 3 Microsoft Active Directory Certificate Services 2. Click Request a certificate. 3. Click Advanced certificate request. 4. Click Create and submit a request to this CA. The Advanced Certificate Request page opens. 5. Configure the advanced certificate request, as shown in Figure 4: a. Enter a server name in the Name field. This example uses Server. b. Select Server Authentication Certificate from the Type of Certificate Needed list. c. Select Microsoft Enhanced RSA and AES Cryptographic Provider(Prototype) from the CSP list. d. Select Mark keys as exportable to make sure the certificate can be exported. e. Use the default values for other parameters. Figure 4 Advanced Certificate Request 3

6. Click Submit to submit the certificate request to the CA. 7. (Optional.) On the Microsoft Active Directory Certificate Services page, click View the status of a pending certificate request, as shown in Figure 5. Figure 5 Microsoft Active Directory Certificate Services Figure 6 indicates that the certificate has been issued. Figure 6 Certificate Issued 8. On the Certificate Issued page, click Install this certificate. If the prompt Your new certificate has been successfully installed opens, the server certificate has been installed on the operating system, as shown in Figure 7. Figure 7 Certificate Installed Exporting a server certificate from Windows 1. On the host where UAM is deployed, select Start > Control Panel > Internet Options. The Internet Options dialog box opens, as shown in Figure 8. 4

Figure 8 Internet Options 2. Click the Content tab and click Certificates. 3. On the Personal tab, select the server certificate and click Export, as shown in Figure 9. 5

Figure 9 Selecting the server certificate 4. On the Certificate Export Wizard page, click Next, as shown in Figure 10. Figure 10 Certificate Export Wizard 6

5. On the Export Private Key page, select Yes, export the private key and click Next, as shown in Figure 11. Figure 11 Export Private Key 6. On the Export File Format page, use the default setting and click Next, as shown in Figure 12. Figure 12 Export File Format 7. On the Password page, set a password for the certificate and click Next, as shown in Figure 13. 7

Figure 13 Setting a password for the certificate 8. On the File to Export page, click Browse to select a path for storing the certificate and click Next, as shown in Figure 14. Figure 14 Selecting a local path for storing the certificate 9. On the Completing the Certificate Export Wizard page, click Finish, as shown in Figure 15. 8

Figure 15 Certificate Export Wizard Importing root and server certificates to UAM Importing root and server certificates to UAM 7.0 (E0103) or earlier 1. Log in to IMC. 2. Click the User tab. 3. From the navigation tree, select User Access Policy > Service Parameters > Certificate. The Certificate page opens, as shown in Figure 16. Figure 16 Certificate page 4. In the Certificate Verification area, click the Action icon for EAP Certificate. 5. Click Browse and select the local root certificate, as shown in Figure 17. 9

Figure 17 Selecting the root certificate 6. Click Next. The CRL configuration page opens, as shown in Figure 18. In this example, the CRL configuration is skipped. Figure 18 CRL configuration 7. Click Next. 8. On the Server Certificate page, configure the following parameters, as shown in Figure 19: a. Select the Private key is included in server certificate file option. b. Click Browse for the Server Certificate File field, and select the local server certificate. Figure 19 Selecting the server certificate 9. Click Next. 10. Enter the password in the Password of Server Private Key field, as shown in Figure 20. 10

Figure 20 Entering the server certificate key password 11. Click Next. The Certificate Preview page opens, as shown in Figure 21. Figure 21 Previewing the certificates 12. Click OK. Importing root and server certificates to UAM 7.0 (E0201) or later 1. Log in to IMC. 2. Click the User tab. 3. From the navigation tree, select User Access Policy > Service Parameters > Certificate. The Certificate page opens, as shown in Figure 22. Figure 22 Accessing the Certificate page 4. On the Root Certificate tab, click Import EAP Root Certificate. 5. Click Browse and select the local root certificate, as shown in Figure 23. 11

Figure 23 Selecting the root certificate 6. Click Next. The CRL configuration page opens, as shown in Figure 24. This example skips the CRL configuration. Figure 24 CRL configuration 7. Click OK. 8. Click the Server Certificate tab, click Import EAP Server Certificate. The Server Certificate Key Password page opens, as shown in Figure 25. Figure 25 Server Certificate Key Password page 12

9. Configure the following parameters, as shown in Figure 26: a. Select the Private key is included in server certificate file option. b. Click Browse for the Server Certificate File field, and select the local server certificate. Figure 26 Selecting the server certificate 10. Click Next. 11. Enter the server certificate key password in the Password of Server Private Key field, as shown in Figure 27. Figure 27 Entering the server certificate key password 12. Click OK. Installing certificates on a client To enable a client to pass certificate-based authentication on UAM, you must download and install a root CA certificate on the client. When the EAP-TLS authentication method is used, you must also request and install a client certificate for the client. Installing a root certificate 1. In Microsoft Internet Explorer, enter http://192.168.1.103/certsrv in the address bar. The Microsoft Active Directory Certificate Services page opens, as shown in Figure 28. In this example, 192.168.1.103 is the IP address of the CA server. 13

Figure 28 Microsoft Active Directory Certificate Services 2. Click Download a CA certificate, certificate chain, or CRL, as shown in Figure 29. Figure 29 Downloading a CA certificate 3. Click install this CA certificate chain. If the prompt The CA certificate chain has been successfully installed opens, as shown in Figure 30, the root certificate has been installed. Figure 30 CA Certificate Installed Requesting and installing a client certificate 1. In Microsoft Internet Explorer, enter http://192.168.1.103/certsrv in the address bar. 14

The Microsoft Active Directory Certificate Services page opens, as shown in Figure 31. In this example, 192.168.1.103 is the IP address of the CA server. Figure 31 Microsoft Active Directory Certificate Services 2. Click Request a certificate. 3. Click Advanced certificate request. 4. Click Create and submit a request to this CA. The Advanced Certificate Request dialog box opens. 5. Configure the advanced certificate request, as shown in Figure 32: a. Configure the name for the certificate: To request a user certificate, enter the account name of an access user in the Name field. If the access user is a domain user, the certificate name includes the domain name. To request a machine certificate, enter the full computer name in the Name field. b. Select Client Authentication Certificate from the Type of Certificate Needed list. c. Use the default values for other parameters. Figure 32 Configuring the advanced certificate request 6. Click Submit. The certificate request is submitted to the CA. 7. (Optional.) On the Microsoft Active Directory Certificate Services page, click View the status of a pending certificate request, as shown in Figure 33. 15

Figure 33 Microsoft Active Directory Certificate Services Figure 34 indicates that the certificate has not been issued. Figure 34 Certificate Pending Figure 35 indicates that the certificate has been issued. Figure 35 Certificate Issued 8. On the Certificate Issued page, click Install this certificate. If the prompt Your new certificate has been successfully installed is displayed, the client certificate has been installed. Figure 36 Certificate Installed 16

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information