• You generate a new X.509 certificate, reuse an existing X.509 certificate or import a certificate chain
from a Certification Authority (CA).
• All systems that have Server Administrator installed have unique host names.
To manage X.509 certificates through the Preferences home page, click General Settings, click the Web
Server tab, and click X.509 Certificate.
The following are the available options:
• Generate a new certificate — Generates a new self-signed certificate used for SSL communication
between the server running Server Administrator and the browser.
NOTE: When using a self-signed certificate, most web browsers display an untrusted warning as
the self-signed certificate is not signed by a Certificate Authority (CA) trusted by the operating
system. Some secure browser settings can also block the self-signed SSL certificates. The Server
Administrator web GUI requires a CA-signed certificate for such secure browsers.
• Certificate Maintenance — Allows you to generate a Certificate Signing Request (CSR) containing all
the certificate information about the host required by the CA to automate the creation of a trusted
SSL web certificate. You can retrieve the necessary CSR file either from the instructions on the
Certificate Signing Request (CSR) page or by copying the entire text in the text box on the CSR page
and pasting it in the CA submit form. The text must be in the Base64–encoded format.
NOTE: You also have an option to view the certificate information and export the certificate that
is being used in the Base64–encoded format, which can be imported by other web services.
• Import certificate chain — Allows you to import the certificate chain (in PKCS#7 format) signed by a
trusted CA. The certificate can be in DER or Base64-encoded format.
• Import a PKCS12 Keystore — Allows you to import a PKCS#12 keystore that replaces the private key
and certificate used in Server Administrator web server. PKCS#12 is public keystore that contains a
private key and the certificate for a web server. Server Administrator uses the Java KeyStore (JKS)
format to store the SSL certificates and its private key. Importing a PKCS#12 keystore to Server
Administrator deletes the keystore entries, and imports a private key and certificate entries to the
Server Administrator JKS.
NOTE: An error message is displayed if you either select an invalid PKCS file or when you type an
incorrect password.
SSL Server Certificates
Server Administrator Web server is configured to use the industry-standard SSL security protocol to
transfer encrypted data over a network. Built on an asymmetric encryption technology, SSL is widely
accepted for providing authenticated and encrypted communication between clients and servers to
prevent eavesdropping across a network.
An SSL-enabled system can perform the following tasks:
• Authenticate itself to an SSL-enabled client
• Allow the two systems to establish an encrypted connection
The encryption process provides a high level of data protection. Server Administrator uses the most
secure form of encryption generally available for Internet browsers in North America.
Server Administrator Web server has a Dell self-signed unique SSL digital certificate by default. You can
replace the default SSL certificate with a certificate signed by a well-known Certificate Authority (CA). A
Certificate Authority is a business entity that is recognized in the Information Technology industry for
meeting high standards of reliable screening, identification, and other important security criteria.
Examples of CAs include Thawte and VeriSign. To initiate the process of obtaining a CA-signed certificate,
use the Server Administrator Web interface to generate a Certificate Signing Request (CSR) with your
39