
1. Security Manager will assess the device based upon the Identity Certificate policy editor settings and determine if remediation is necessary.
2. If remediation is necessary, Security Manager will either prompt the device for a device generated Certificate Signing Request (CSR) or generate a CSR from the Security Manager application, depending on what is selected as the CSR source.
3. The CSR is then submitted to the Certificate Authority (CA) named in the Identity Certificate policy editor settings.
4. The CA processes the CSR and issues a signed certificate back to Security Manager.
5. Security Manager will then install the signed certificate and reassess.
6. If the newly installed certificate is successfully reassessed, the Security Manager status for the device will report as Passed.
Once the certificate remediation is complete, verification can be accomplished by viewing the certificate on the device.
Subsequent Certificate Assessment & Remediation
The Security Manager assessment and remediation process is an ongoing task, either scheduled at some customer selectable frequency or through Instant-On Security scenarios. After a CA signed certificate is initially installed on the device and verified by Security Manager, an additional assessment item is included during subsequent assessments of the device. This additional assessment item is the Security Manager check of a published Certificate Revocation List (CRL). Checking the CRL to see if the certificate has been revoked is a certificate management best practice and a crucial component of maintaining certificate trust. Without the CRL check, a revoked certificate may be incorrectly accepted as valid. To use a Public Key Infrastructure effectively, the Security Manager Certificate Management solution must have access to current CRLs. Information about the CRL is provided (per CA configuration) in the CA signed certificate that was issued to Security Manager. This information consists of the CRL location, the enabled access methods, and how often the CRL is updated and published.
Note: A regular publication schedule for certificate revocation data is necessary to ensure an up-to-date and accurate CRL is made available to the clients that utilize the list.
To validate the installed signed certificate, Security Manager uses the CRL information in the signed certificate to access the CRL during subsequent certificate assessments. More detail on CRLs, and on how Security Manager uses them during assessments, is covered in the next section of this document.
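The remediation steps above (CSR, CA signing, install, reassess) and the subsequent CRL check can be reproduced end to end with a throwaway CA. This is an added example using the openssl command line, not Security Manager's own code; the CA name, device name, CDP URI and file names are all constructed for the demonstration, and a local file stands in for the CRL that a real CA would publish at the CDP.

```shell
#!/bin/sh
# Added example: throwaway CA, device CSR, CA-signed device certificate with a
# CRL Distribution Point, then an assessment before and after revocation.
# Every name and URI below is constructed for this demonstration.
set -e
WORK=$(mktemp -d); cd "$WORK"

publish_crl() { openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null; }

# Build the test CA, the device CSR, the signed certificate and an initial CRL.
make_test_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
    -keyout ca.key -out ca.crt 2>/dev/null
  # Device generated CSR (the "CSR source" is the device in this case).
  openssl req -newkey rsa:2048 -nodes -subj "/CN=printer-01.example.test" \
    -keyout dev.key -out dev.csr 2>/dev/null
  # The CA embeds where it publishes its CRL into every certificate it issues.
  printf 'crlDistributionPoints=URI:http://crl.example.test/testca.crl\n' > ext.cnf
  openssl x509 -req -in dev.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 30 -extfile ext.cnf -out dev.crt 2>/dev/null
  # Minimal 'openssl ca' database so the CA can revoke and publish a CRL.
  touch index.txt; echo 01 > crlnumber
  printf '[ca]\ndefault_ca=t\n[t]\ndatabase=index.txt\ncrlnumber=crlnumber\n' > ca.cnf
  printf 'default_md=sha256\ndefault_crl_days=7\ncertificate=ca.crt\nprivate_key=ca.key\n' >> ca.cnf
  publish_crl
}

# What the assessor reads out of the installed certificate to locate the CRL.
cdp_uri() {
  openssl x509 -in "$1" -noout -ext crlDistributionPoints | sed -n 's/.*URI://p'
}

# Assessment result: chain validation plus CRL check, reported as Passed or
# Failed in the style of the Security Manager status. Without -crl_check a
# revoked certificate would still verify, which is the failure mode the text warns about.
assess() {
  cat ca.crt crl.pem > trust.pem
  if openssl verify -crl_check -CAfile trust.pem "$1" >/dev/null 2>&1; then
    echo Passed; else echo Failed; fi
}

make_test_pki
CDP=$(cdp_uri dev.crt)                   # http://crl.example.test/testca.crl
STATUS_BEFORE=$(assess dev.crt)          # Passed
openssl ca -config ca.cnf -revoke dev.crt 2>/dev/null && publish_crl
STATUS_AFTER=$(assess dev.crt)           # Failed: the serial is now on the CRL
echo "CDP=$CDP before=$STATUS_BEFORE after=$STATUS_AFTER"
```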
Security Manager Assessment Behavior (CRL)
As mentioned earlier in this document, the checking of a CRL doesn’t occur until after a CA signed certificate is initially installed on the device. Upon the next assessment, Security Manager will use the CRL Distribution Point (CDP) information provided in the certificate to locate the CRL. If another assessment is performed prior