Choosing Best Possible as the CSR Source allows Security Manager to determine whether the device or
Security Manager will generate the CSR. If the device supports generating the desired parameters in
its own CSR, then Device is chosen as the source for that device. However, if the device does not
support generating the desired parameters in the CSR, HP Security Manager is chosen as the source
to generate the CSR for the device.
Security Manager handles all communications to the Certificate Authority (CA) on behalf of the
device. Security Manager must have machine-to-machine access to the CA and proper permissions
to submit requests. By default this is the machine account of the Security Manager server, which
represents the account (Network Service) under which the Security Manager service runs. For more
information on how to configure the CA to accept requests from Security Manager, see the
whitepaper titled “HP JetAdvantage Security Manager Certificate Authority Access”.
The policy contains the name of the server running the CA, the Certificate Authority name itself, and
the template name when using an Enterprise Microsoft CA. The template provides additional
parameters not included in the certificate request.
For the Certificate Authority Type, select whether the certificate creator is standalone or enterprise. A
standalone creator is optionally included in the Active Directory, and by default, requires manual
approval of certificate requests. An enterprise creator must be in the Active Directory and requires a
template. By default, enterprise CA servers automatically approve certificate requests.
If remediation is enabled, and a certificate is not installed, Security Manager requests and installs a
valid certificate on the device. If a certificate is already installed, Security Manager verifies that it is
valid and up to date.
The Subject Alternative Name field lets you specify additional common names, or subject names, to
be protected by a single SSL Certificate. HP Security Manager must be chosen as the CSR Source in
order to write hostname, FQDN and IP Address as SANs into the certificate. This means you can
now browse to IP Address, hostname or FQDN in a browser without receiving an error regarding the
certificate not matching the subject. To see an example of Subject Alternative Names, in the address
bar when browsing to a printer EWS page, click the green padlock in the browser to examine the SSL
Certificate. In the certificate details, you will find a Subject Alternative Name extension that lists IP
Address, hostname and FQDN if this option is checked in Security Manager when installing identity
certificates.
Newer devices, where certificates are unified and completely managed under the Security tab in EWS,
allow Security Manager to read whether SAN entries are present, so they can be compared to a policy
and remediated if they do not match. Reporting will also indicate when SANs were remediated. However,
older devices, where the identity certificate is managed under the Networking tab in EWS, do not
allow reading whether SANs are present in the certificate, so they cannot be compared against the
SANs setting in a policy and remediated if they do not match. For these older devices, something else
in the identity certificate policy must be mismatched in order for Security Manager to remediate the
SANs settings. In this case, SANs will still not appear in reporting as having been remediated.
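As an added example (not from the whitepaper and not HP Security Manager's own code), the following Python script performs the SAN comparison described above for one device: it reads the certificate's Subject Alternative Name entries in the shape the standard library's getpeercert() returns and reports which policy entries (hostname, FQDN, IP address) are missing and therefore need remediation. The policy values, the sample certificate and the ca_bundle path are constructed assumptions.

```python
import ipaddress
import socket
import ssl

# Constructed policy values for a hypothetical printer; not from the whitepaper.
POLICY_HOSTNAME = "npi1a2b3c"
POLICY_FQDN = "npi1a2b3c.print.example.com"
POLICY_IP = "10.20.30.40"

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns: the device
# certificate carries the hostname and FQDN, but the IP address SAN is missing.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "npi1a2b3c.print.example.com"),),),
    "subjectAltName": (("DNS", "NPI1A2B3C"), ("DNS", "npi1a2b3c.print.example.com")),
}

def _normalize(kind, value):
    """DNS names compare case-insensitively; IPs compare by address, not spelling."""
    if kind == "IP Address":
        return ("IP Address", str(ipaddress.ip_address(value)))
    return (kind, value.lower())

def required_sans(hostname, fqdn, ip):
    """SAN entries the policy expects when hostname, FQDN and IP are all written as SANs."""
    return {_normalize("DNS", hostname), _normalize("DNS", fqdn), _normalize("IP Address", ip)}

def missing_sans(peercert, hostname, fqdn, ip):
    """Policy entries absent from the certificate. Empty set = compliant; otherwise remediate."""
    present = {_normalize(kind, value) for kind, value in peercert.get("subjectAltName", ())}
    return required_sans(hostname, fqdn, ip) - present

def fetch_peercert(host, ca_bundle, port=443, timeout=5.0):
    """Read a device's identity certificate over TLS. The chain must validate against
    ca_bundle (getpeercert() returns {} for an unvalidated peer); hostname checking is
    disabled so a certificate with a wrong or missing SAN can still be inspected."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    gap = missing_sans(SAMPLE_PEERCERT, POLICY_HOSTNAME, POLICY_FQDN, POLICY_IP)
    print("compliant" if not gap else f"remediate, missing SANs: {sorted(gap)}")
```

Replace SAMPLE_PEERCERT with fetch_peercert("<device-ip>", "<issuing-ca-bundle.pem>") to check a live device against the same policy values.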