Dell Security Management Server Installation and Migration Guide v11.0.0 May 2021 Rev.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Contents
Chapter 1: Introduction
About Security Management Server
Contact Dell ProSupport
Perform Back ups
Security Management Server Backups
SQL Server Backups
1 Introduction
About Security Management Server
The Security Management Server has the following features:
● Centralized management of devices, users, and security policy
● Centralized compliance auditing and reporting
● Separation of administrative duties
● Role-based security policy creation and management
● Distributes security policies when clients connect
● Administrator-assisted device recovery
● Trusted paths for communication between components
● Unique encryption key generation and automatic secur
2 Requirements and Architecture This section details hardware and software requirements and architecture design recommendations for Dell Security Management Server implementation. Security Management Server Architecture Design Encryption Enterprise and Endpoint Security Suite Enterprise solutions are highly scalable products, based on the number of endpoints targeted for encryption in your organization. Architecture Components Below are suggested hardware configurations that suit most environments.
NOTE: If the organization has more than 20,000 endpoints, please contact Dell ProSupport for assistance. Requirements The hardware and software prerequisites for installing the Security Management Server software are included below. Before beginning installation, ensure that all patches and updates are applied to the servers used for installation.
Hardware
The following table details the minimum hardware requirements for Security Management Server. See Security Management Server Architecture Design for additional information about scaling based on the size of your deployment.
Hardware Requirements Processor Modern Quad-Core CPU (1.
○ Hardware must conform to minimum Hyper-V requirements
○ 4 GB minimum RAM for dedicated image resource
○ Must be run as a Generation 1 Virtual Machine
○ See https://technet.microsoft.com/en-us/library/hh923062.aspx for more information
Security Management Server v11.0 has been validated with VMware ESXi 6.0, VMware ESXi 6.5, and VMware ESXi 6.5.
NOTE: When running VMware ESXi and Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019, VMXNET3 Ethernet Adapters are recommended.
best-practices/implementing-least-privilege-administrative-models for more information about implementing the least privilege rule.
NOTE: User Account Control (UAC) must be disabled when installing in a protected directory. After disabling UAC, you must reboot the server for this change to take effect.
NOTE: Registry locations for Policy Proxy (if installed): HKLM\SOFTWARE\Wow6432Node\Dell
NOTE: Registry location for Windows servers: HKLM\SOFTWARE\Dell
Prerequisites
● Visual C++ 2010 Redistributable Pa
● Mozilla Firefox 41.x or later
● Google Chrome 46.x or later
● Microsoft Edge (Chromium)
● Microsoft Edge
NOTE: Your browser must accept cookies.
Recommended Virtual Environments for Security Management Server Components
The Security Management Server can be installed in a virtual environment.
Type | Action | Scenario | SQL Privilege Required
Proxy Front end | Any | NA | NA
NOTE: If User Account Control (UAC) is enabled, you must disable it before installation on Windows Server 2012 R2 when installing in C:\Program Files. The server must be rebooted for this change to take effect.
During installation, Windows or SQL Authentication credentials are required to set up the database.
3 Pre-Installation Configuration Before you begin, read the Security Management Server Technical Advisories for any current workarounds or known issues related to Security Management Server. The pre-installation configuration of the server(s) where you intend to install the Security Management Server is very important. Pay special attention to this section to ensure a smooth installation of the Security Management Server.
- login-euc1.cylance.com
- protect-euc1.cylance.com
- data-euc1.cylance.com
- update-euc1.cylance.com
- api-euc1.cylance.com
- protect-api-euc1.cylance.com
- download-euc1.cylance.com
■ Middle East and Asia
- login-au.cylance.com
- protect-au.cylance.com
- data-au.cylance.com
- update-au.cylance.com
- api-au.cylance.com
- protect-api-au.cylance.com
- download-au.cylance.com
■ Japan, Australia, and New Zealand
- login-apne1.cylance.com
- protect-apne1.cylance.com
- data-apne1.cylance.
NOTE: This service is disabled by default. Instead, use Managed Reports, which is available in the Management Console that is hosted by the Dell Security Server. For information about enabling the Dell Compliance Reporter for historical reporting, see KB article 156418.
● Dell Core Server: HTTPS/8888
● Dell Device Server: HTTP(S)/8081
NOTE: This legacy service is only required for Dell Encryption clients pre-8.x. This service can be safely disabled if all clients within the environment are 8.
NOTE: The EnterpriseServerInstallKey.ini is present in the Security Management Server's download package, available here. The preinstallation configuration of the server is complete. Continue to Install or Upgrade/Migrate.
4 Install or Upgrade/Migrate
This chapter provides instructions for the following:
● New Installation - To install a new Security Management Server.
● Upgrade/Migration - To upgrade from an existing, functional Enterprise Server v9.2 or later. Dell Server v11.0 or higher requires Windows Server 2019.
● Uninstall Security Management Server - To remove the current installation, if necessary.
If your installation must include more than one main server (back end), contact your Dell ProSupport representative.
Install Back End Server and New Database
1. In the Dell installation media, navigate to the Security Management Server directory. Unzip (DO NOT copy/paste or drag/drop) Security Management Server-x64 to the root directory of the server where you are installing Security Management Server. Copying/pasting or dragging/dropping produces errors and an unsuccessful installation.
2. Double-click setup.exe.
3. Select the language for installation, then click OK.
4.
6. Read the license agreement, accept the terms, then click Next. 7. If you optionally copied your EnterpriseServerInstallKey.ini file to C:\Windows as explained in Pre-Installation Configuration, click Next. If not, enter the 32-character Product Key and then click Next. The Product Key is located in the EnterpriseServerInstallKey.ini file.
8. Select Back End Install and click Next. 9. To install the Security Management Server to the default location of C:\Program Files\Dell, click Next. Otherwise, click Change to select another location, then click Next.
10. To select a location for backup configuration files to be stored, click Change, navigate to the desired folder, then click Next. Dell recommends that you select a remote network location or external drive for backup. After installation, any changes to configuration files, including changes made with the Server Configuration Tool, must be manually backed up in these folders. Configuration files are an important part of the total information used to manually restore the Dell Server, if necessary.
11. You have a choice of digital certificate types to use. It is highly recommended that you use a digital certificate from a trusted certificate authority. Select option "a" or "b" below: a. To use an existing certificate that was purchased from a CA authority, select Import an existing certificate and click Next. Click Browse to enter the path to the certificate. Enter the password associated with this certificate. The key store file must be .p12 or pfx. See Exporting a Certificate to .
● Include all certificates in the certification path if possible ● Export all extended properties OR b. To create a self-signed certificate, select Create a self signed certificate and import it to key store and click Next. At the Create Self-Signed Certificate dialog, enter the following information: Fully qualified computer name (example: computername.domain.com) Organization Organizational Unit (example: Security) City State (full name) Country: Two-letter country abbreviation Click Next.
12. For Server Encryption, you have a choice of digital certificate types to use. It is highly recommended that you use a digital certificate from a trusted certificate authority. Select option "a" or "b" below: a. To use an existing certificate that was purchased from a CA authority, select Import an existing certificate and click Next. Click Browse to enter the path to the certificate. Enter the password associated with this certificate. The key store file must be .p12 or pfx.
Click Next. NOTE: To use this setting, the exported CA certificate being imported must have the full trust chain. If unsure, re-export the CA certificate and ensure that the following options are selected in the "Certificate Export Wizard": ● Personal Information Exchange - PKCS#12 (.PFX) ● Include all certificates in the certification path if possible ● Export all extended properties OR b.
13. From the Back End Server Install Setup dialog, you can view or edit hostnames and ports. ● To accept the default hostnames and ports, in the Back End Server Install Setup dialog, click Next. ● If you are using a front end server, select Works with Front End to communicate with clients internally in your network or externally in the DMZ and enter the front end Security Server hostname (for example, server.domain.com). ● To view or edit hostnames, click Edit Hostnames. Edit hostnames only if necessary.
● To view or edit Ports, click Edit Ports. Edit ports only if necessary. Dell recommends using the defaults. When finished, click OK.
14. To create a new database, follow these steps: a. Click Browse to select the server on which to install the database. b. Select the authentication method for the installer to use to set up the Dell Server database. After installation, the installed product does not use the credentials specified here.
OR ● SQL server authentication using the credentials below If you use SQL authentication, the SQL account used must have system administrator rights on the SQL Server. The installer must authenticate to the SQL Server with these permissions: create database, add user, assign permissions. c. Identify the database catalog: Enter the name for a new database catalog. You are prompted in the next dialog to create the new catalog. d. Click Next. e.
Select Windows authentication using the credentials below, enter the credentials for the product to use, and click Next. Ensure that the account has system administrator rights and the ability to manage the SQL Server. The user account must have the SQL Server permissions Default Schema: dbo and Database Role Membership: db_owner, public. These credentials are also used by Dell services as they work with the Security Management Server.
16. In the Ready to Install the Program dialog, click Install. A progress dialog displays status throughout the installation process.
17. When the installation is completed, click Finish. Back End Server installation tasks are complete. Dell Services are restarted at the end of installation. It is not necessary to reboot the Dell Server. Install Back End Server with Existing Database NOTE: If you have a functional Dell Server v9.2 or later, refer to instructions in Upgrade/Migrate Back End Server(s).
You can install a new Security Management Server and connect to a SQL database created during Pre-Installation Configuration or an existing SQL database that is v9.x or later, when the schema version matches the Security Management Server version to be installed. The user account from which the installation is performed must have database owner privileges for the SQL database.
5. In the Welcome dialog, click Next. 6. Read the license agreement, accept the terms, then click Next.
7. If you optionally copied your EnterpriseServerInstallKey.ini file to C:\Windows as explained in Pre-Installation Configuration, click Next. If not, enter the 32-character Product Key and then click Next. The Product Key is located in the EnterpriseServerInstallKey.ini file. 8. Select Back End Install and Recovery Installation, and click Next.
9. To install the Security Management Server to the default location of C:\Program Files\Dell, click Next. Otherwise, click Change to select a different location, then click Next. 10. To select a location for backup configuration recovery files to be stored, click Change, navigate to the desired folder, then click Next. Dell recommends that you select a remote network location or external drive for backup.
After installation, any changes to configuration files, including changes made with the Server Configuration Tool, must be manually backed up in these folders. Configuration files are an important part of the total information used to manually restore the Dell Server. NOTE: The folder structure created by the installer during installation (example shown below) must remain unchanged. 11. You have a choice of digital certificate types to use.
Click Browse to enter the path to the certificate. Enter the password associated with this certificate. The key store file must be .p12 or pfx. See Exporting a Certificate to .PFX Using the Certificate Management Console for instructions. Click Next. NOTE: To use this setting, the exported CA certificate being imported must have the full trust chain.
OR b. To create a self-signed certificate, select Create a self signed certificate and import it to key store and click Next. At the Create Self-Signed Certificate dialog, enter the following information: Fully qualified computer name (example: computername.domain.com) Organization Organizational Unit (example: Security) City State (full name) Country: Two-letter country abbreviation Click Next. NOTE: The certificate expires in 10 years, by default.
12. From the Back End Server Install Setup dialog, you can view or edit hostnames and ports. ● To accept the default hostnames and ports, in the Back End Server Install Setup dialog, click Next. ● If you are using a front end server, select Works with Front End to communicate with clients internally in your network or externally in the DMZ and enter the front end Security Server hostname (for example, server.domain.com). ● To view or edit hostnames, click Edit Hostnames. Edit hostnames only if necessary.
● To view or edit Ports, click Edit Ports. Edit ports only if necessary. Dell recommends using the defaults. When finished, click OK.
13. Specify the authentication method for the installer to use. a. Click Browse to select the server where the database resides. b. Select the authentication type. ● Windows authentication credentials of current user If you choose Windows Authentication, the same credentials that were used to log in to Windows are used for authentication (User Name and Password are not editable). Ensure that the account has system administrator rights and the ability to manage the SQL Server.
The following options MUST be used only with the help of Dell ProSupport: ● The Migrate this database to the current schema option is used to recover a good database from a failed server implementation. This option uses the recovery files in the \Backup folder to reconnect to the database, and then migrates the database to the current schema. This option should only be used after first trying to re-install the correct version of Security Management Server, then running the latest installer to upgrade.
15. Select the authentication method for the product to use. This is the account that the product uses to engage with the database and Dell services. ● To use Windows authentication Select Windows authentication using the credentials below, enter the credentials for the account that the product can use, then click Next. Ensure that the account has system administrator rights and the ability to manage the SQL Server.
16. In the Ready to Install the Program dialog, click Install. A progress dialog displays status throughout the installation process.
When the installation is completed, click Finish. Back end server installation tasks are complete. Dell Services are restarted at the end of installation. It is not necessary to reboot the server.
Install Front End Server Front end server installation provides a front end (DMZ mode) option for use with Security Management Server. If you intend to deploy Dell components in the DMZ, ensure that they are properly protected against attacks. To perform this installation, you need the fully qualified hostname of the DMZ server. 1. In the Dell installation media, navigate to the Security Management Server directory.
6. Read the license agreement, accept the terms, then click Next. 7. If you optionally copied your EnterpriseServerInstallKey.ini file to C:\Windows as explained in Pre-Installation Configuration, click Next. If not, enter the 32-character Product Key and then click Next. The Product Key is located in the EnterpriseServerInstallKey.ini file.
8. Select Front End Install and click Next. 9. To install the front end server to the default location of C:\Program Files\Dell, click Next. Otherwise, click Change to select another location, then click Next.
10. You have a choice of digital certificate types to use. NOTE: It is highly recommended that you use a digital certificate from a trusted certificate authority. Select option "a" or "b" below: a. To use an existing certificate that was purchased from a CA authority, select Import an existing certificate and click Next. Click Browse to enter the path to the certificate. Enter the password associated with this certificate. The key store file must be .p12 or pfx. See Exporting a Certificate to .
Click Next. NOTE: To use this setting, the exported CA certificate being imported must have the full trust chain. If unsure, re-export the CA certificate and ensure that the following options are selected in the "Certificate Export Wizard": ● Personal Information Exchange - PKCS#12 (.PFX) ● Include all certificates in the certification path if possible ● Export all extended properties b. To create a self-signed certificate, select Create a self signed certificate and import it to key store and click Next.
11. In the Front End Server Setup dialog, enter the fully qualified hostname or DNS alias of the back end server, select Dell Security Management Server, and click Next. 12. From the Front End Server Install Setup dialog, you can view or edit hostnames and ports. ● To accept the default hostnames and ports, in the Front End Server Install Setup dialog, click Next.
● To view or edit hostnames, in the Front End Server Setup dialog, click Edit Hostnames. Edit hostnames only if necessary. Dell recommends using the defaults. NOTE: A hostname cannot contain an underscore character ("_"). Deselect a proxy only if certain that you do not want to configure it for installation. If you deselect a proxy in this dialog, it is not installed. When finished, click OK.
● To view or edit Ports, in the Front End Server Setup dialog, click either Edit External Facing Ports or Edit Internal Connecting Ports. Edit ports only if necessary. Dell recommends using the defaults. If you deselect a proxy in the Edit Front End Host Names dialog, its port does not display in the External Ports or Internal Ports dialogs. When finished, click OK.
13. In the Ready to Install the Program dialog, click Install. A progress dialog displays status throughout the installation process.
14. When the installation is completed, click Finish. Front End Server installation tasks are complete. Upgrade/Migration You can upgrade Enterprise Server v9.2 and later to Security Management Server v10.x. If your Dell Server version is older than v9.2, you must first upgrade to v9.2 then upgrade to later versions.
Before You Begin Upgrade/Migration Before you begin, ensure that all Pre-Installation Configuration is complete. Read the Security Management Server Technical Advisories for any current workarounds or known issues related to Security Management Server installation. The user account from which the installation is performed must have database owner privileges for the SQL database.
Upgrade/Migrate Back End Server(s) 1. In the Dell installation media, navigate to the Security Management Server directory. Unzip (NOT copy/paste or drag/drop) Security Management Server-x64 to the root directory of the server where you are installing Security Management Server. Copying/pasting or dragging/dropping produces errors and an unsuccessful installation. 2. Double-click setup.exe. 3. Select the language for installation, then click OK. 4. In the Welcome dialog, click Next.
5. Read the license agreement, accept the terms, then click Next. 6. To select a location for backup configuration files to be stored, click Change, navigate to the desired folder, and click Next. Dell recommends that you select a remote network location or external drive for backup.
The folder structure created by the installer during installation (example shown below) must remain unchanged. 7. When the installer properly locates the existing database, the dialog is filled out for you.
To connect to the existing database, specify the authentication method to use. After installation, the installed product does not use credentials specified here. a. Select the database authentication type: ● Windows authentication credentials of current user If you choose Windows Authentication, the same credentials that were used to log in to Windows are used for authentication (User Name and Password are not editable).
9. If the database is not backed up, you must back it up before continuing the installation. Database upgrade cannot be rolled back. Only after the database is backed up, select Yes, the database has been backed up, and click Next. 10. Click Install to begin the installation.
A progress dialog displays status throughout the upgrade process. 11. When the installation is completed, click Finish.
Dell Services are restarted at the end of migration. It is not necessary to reboot the Dell Server. The installer performs steps 12-13 for you. It is a Best Practice to check these values to ensure the changes have been made properly. 12. In your backed up installation, copy/paste: \conf\secretKeyStore to the new installation: \conf\secretKeyStore 13. In the new installation, open \conf\server_config.
Unknown Password Save and close the file. NOTE: Do not attempt to change the Security Management Server password by editing the server.pass value in server_config.xml at any other time. If you change this value, you lose access to the database. Back end server migration tasks are complete. Upgrade/Migrate Front End Server(s) 1. In the Dell installation media, navigate to the Security Management Server directory.
5. In the Welcome dialog, click Next. 6. Read the license agreement, accept the terms, then click Next.
7. In the Ready to Install the Program dialog, click Install. A progress dialog displays status throughout the installation process.
8. When the installation is completed, click Finish. 9. Set up the back end server to communicate with the front end server. a. On the back end server, go to \conf\ and open the application.properties file. b. Locate publicdns.server.host and set the name to an externally resolvable hostname. c. Locate publicdns.server.port and set the port (the default is 8443). Dell Services are restarted at the end of installation.
Disconnected Mode Installation Disconnected mode isolates Security Management Server from the Internet and an unsecured LAN or other network. After Security Management Server is installed in Disconnected mode, it remains in Disconnected mode and cannot be changed back to Connected mode. Security Management Server is installed in Disconnected mode at the command line. The following table lists the available switches. Switch Meaning /v Pass variables to the .msi inside the *.
Parameters SSL_STATENAME SSOS_TYPE=n - Where n is 1 to import an existing certificate that was purchased from a CA authority and 2 to create a self-signed certificate. The SSOS_TYPE value determines which SSOS properties are required.
Parameters Following are hostname parameters. Edit hostnames only if necessary. Dell recommends using the defaults. Format must be server.domain.com. NOTE: A hostname cannot contain an underscore character ("_"). CORESERVERHOST - Optional. Core Server hostname. RMIHOST - Optional. Compatibility Server hostname. REPORTERHOST - Optional. Compliance Reporter hostname. DEVICEHOST - Optional. Device Server hostname. KEYSERVERHOST - Optional. Key Server hostname. TIGAHOST - Optional. Security Server hostname.
4. In the Remove the Program dialog, click Remove. A progress dialog displays status throughout the uninstallation process.
5. When the uninstallation is completed, click Finish.
5 Post-Installation Configuration Read the Security Management Server Technical Advisories for current workarounds or known issues related to Security Management Server configuration. Whether you are installing the Security Management Server for the first time or are upgrading an existing installation, some components of your environment must be configured.
The Dell Core Server and Compatibility Server cannot run simultaneously with the Server Configuration Tool. Stop the Core Server service and Compatibility Server service in Services (Start > Run. Type services.msc) prior to starting the Server Configuration Tool. To launch the Server Configuration Tool, go to Start > Dell > Run Server Configuration Tool. The Server Configuration Tool logs to C:\Program Files\Dell\Enterprise Edition\Server Configuration Tool\Logs.
Express 1. From the top menu, select Actions > Configure Certificates. 2. When the Configuration Wizard launches, select Express and click Next. The information from the self-signed certificate that was created when installing the Security Management Server is used, if available. 3. From the top menu, select Configuration > Save. If prompted, confirm the save. Certificate setup is complete. The rest of this section details the Advanced method of creating a certificate.
Click Finish when complete.
○ Generate Self-Signed Certificate - The information from the self-signed certificate that was created when installing the Security Management Server is used, if available. Click Next. Click Finish when complete.
Certificate setup is complete.
When changes are complete:
1. From the top menu, select Configuration > Save. If prompted, confirm the save.
2. Close the Dell Server Configuration Tool.
3. Click Start > Run. Type services.msc and click OK.
22. From the top menu, select Actions > Import DM certificate. 23. Navigate to the location where the exported file was saved. Select the file and click Open. 24. Enter the password associated with this file and click OK. The Dell Manager certificate import is now complete. When changes are complete: 1. From the top menu, select Configuration > Save. If prompted, confirm the save. 2. Close the Dell Server Configuration Tool. 3. Click Start > Run. Type services.msc and click OK.
Enter the following information: 1. In Host Name, enter the FQDN of your SMTP server, such as smtpservername.domain.com. 2. In User Name, enter the user name to log in to the mail server. The format can be DOMAIN\jdoe, jdoe, or whatever form your organization requires. 3. In Password, enter the Password associated with this user name. 4. In From Address, enter the email address that the email will originate from. This may be the same as the account for the user name (jdoe@domain.
If either the SQL database or SQL instance is configured with a non-default collation, the non-default collation must be case-insensitive. For a list of collations and case sensitivity, see https://msdn.microsoft.com/en-us/library/ms144250(v=sql.105).aspx.
When changes are complete:
1. From the top menu, select Configuration > Save. If prompted, confirm the save.
2. Close the Dell Server Configuration Tool.
3. Click Start > Run. Type services.msc and click OK.
6 Administrative Tasks
Assign Dell Administrator Role
1. As a Security Management Server Virtual administrator, log in to the Management Console: https://server.domain.com:8443/webui/. The default credentials are superadmin/changeit.
2. In the left pane, click Populations > Domains.
3. Click a domain to add a user to.
4. On the Domain Detail page, click the Members tab.
5. Click Add User.
6. Enter a filter to search the user name by Common Name, Universal Principal Name, or sAMAccountName.
3. Click Commit Policies.
Configure Dell Compliance Reporter
1. In the left pane, click Compliance Reporter.
2. When Dell Compliance Reporter launches, log in using the default credentials of superadmin/changeit.
Perform Back ups
For the purposes of disaster recovery, ensure the following locations are backed up weekly, with nightly differentials. For more information on planning for disaster recovery, refer to http://www.dell.
7 Ports
The following table describes each component and its function.
Name | Default Port | Description
ACL Service | TCP/8006 | Manages various permissions and group access for various Dell Security products. NOTE: Port 8006 is not currently secured. Ensure this port is properly filtered through a firewall. This port is internal only.
Compliance Reporter | HTTP(S)/8084 | Provides an extensive view of the environment for auditing and compliance reporting.
Compatibility Server | TCP/1099 | A service for managing the enterprise architecture. Collects and stores initial inventory data during activation and policy data during migrations. Processes data based on user groups. NOTE: Port 1099 should be filtered through a firewall. Dell recommends this port be internal only.
Message Broker Service | TCP/ and STOMP/ | Handles communication between services of the Dell Server.
for replication to the global catalog can be returned. For example, a user's department could not be returned using port 3268 since this attribute is not replicated to the global catalog.
Microsoft SQL Database | TCP/1433 | The default SQL Server port is 1433, and client ports are assigned a random value between 1024 and 5000.
Client Authentication | HTTPS/8449 | Allows client servers to authenticate with Dell Server. Required for Server Encryption.
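The NOTEs in the table above say that port 8006 (ACL Service) is not secured and that port 1099 (Compatibility Server) should be internal only. One way to scope both ports with Windows Defender Firewall on the back end server and to audit for rules that still expose them is sketched below; this is an added example, not part of the Dell guide, and the subnet in $InternalNets and the rule display names are assumptions.

```powershell
# Added example, not from the Dell guide. Run in an elevated session on the back end server.
# Assumptions: $InternalNets and the rule display names are illustrative values.
$InternalNets = @('10.20.0.0/24')    # constructed value: hosts allowed to reach these ports
$Restricted   = @{ 8006 = 'ACL Service'; 1099 = 'Compatibility Server' }

function Test-PortSpec {
    # True when a firewall LocalPort value ('Any', '8006', '8000-8100') covers $Port.
    param([string[]]$Spec, [int]$Port)
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
            return $true
        }
    }
    return $false
}

function Get-BroadInboundAllow {
    # Enabled inbound allow rules that open $Port (TCP) to any remote address.
    # Program is reported so rules bound to an unrelated executable can be discounted.
    param([int]$Port)
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
        $pf  = $_ | Get-NetFirewallPortFilter
        $af  = $_ | Get-NetFirewallAddressFilter
        $app = $_ | Get-NetFirewallApplicationFilter
        $isTcp = $pf.Protocol -in @('TCP', '6', 'Any')
        if ($isTcp -and (Test-PortSpec -Spec $pf.LocalPort -Port $Port) -and
            ($af.RemoteAddress -contains 'Any')) {
            [pscustomobject]@{ Rule = $_.DisplayName; Program = $app.Program }
        }
    }
}

# A scoped allow rule only restricts access when unmatched inbound traffic is dropped.
# DefaultInboundAction 'NotConfigured' means the built-in default, which is Block.
Get-NetFirewallProfile | Where-Object {
    -not $_.Enabled -or "$($_.DefaultInboundAction)" -eq 'Allow'
} | ForEach-Object {
    Write-Warning "Profile '$($_.Name)' does not block unmatched inbound traffic"
}

$report = foreach ($port in $Restricted.Keys) {
    $name = "Dell $($Restricted[$port]) TCP $port (internal only)"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $port -RemoteAddress $InternalNets | Out-Null
    }
    $listen = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
    $broad  = @(Get-BroadInboundAllow -Port $port)
    [pscustomobject]@{
        Port            = $port
        Service         = $Restricted[$port]
        ListeningOn     = ($listen.LocalAddress | Sort-Object -Unique) -join ', '
        BroadAllowRules = ($broad | ForEach-Object { "$($_.Rule) [$($_.Program)]" }) -join '; '
    }
}
$report | Format-List
```

Any entry under BroadAllowRules whose Program is Any or the Dell service executable still exposes the port beyond $InternalNets and needs to be scoped or disabled.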
8 SQL Server Best Practices The following list explains SQL Server best practices, which should be implemented when Dell security is installed if not already implemented. 1. Ensure the NTFS block size where the data file and log file reside is 64 KB. SQL Server extents (basic unit of SQL storage) are 64 KB. For more information, search Microsoft's TechNet articles for "Understanding Pages and Extents." 2.
9 Certificates
This chapter explains how to obtain certificates for use with Security Management Server. For information on how to configure SmartCard Authentication, see http://www.dell.com/support/article/us/en/19/sln303783/dell-data-protection-sed-management-smartcard-setup-guide?lang=en. For information about the minimum requirements to request SSL/TLS certificates for use by the Dell Data Security server, see http://www.dell.
\conf\application.properties. Set the value keystore.password =
● Fully Qualified Server Name: Enter the fully qualified name of the server where the component you are working with is installed. This fully qualified name includes the hostname and the domain name (example, server.domain.com).
● Organizational unit: Enter the appropriate value (example, Security).
Import a Root Certificate
If the Certificate Authority that issued the root certificate is Verisign (but not Verisign Test), skip to the next procedure and import the signed certificate. The Certificate Authority root certificate validates signed certificates.
1. Do one of the following:
● Download the Certificate Authority root certificate, and store it in a file.
● Obtain the enterprise directory server root certificate.
2.
4. Select the option to Submit a certificate request using a base64 encode PKCS #10 file and click Next. Advanced Certificate Request 5. Paste in the contents of the CSR request in the text box. Select a certificate template of Web Server and click Submit.
6. Save the certificate. Select DER encoded and click Download CA certificate. Download CA Certificate 7. Save the certificate. Select DER encoded and click Download CA certification path.
8. Import the converted signing authority certificate. Return to the command prompt. Type:
keytool -import -trustcacerts -file <signing authority certificate file> -keystore cacerts
9. Now that the signing authority certificate has been imported, the server certificate can be imported (the chain of trust can be established). Type:
keytool -import -alias sslkey -file <server certificate file> -keystore cacerts
Use the alias of the self-signed certificate to pair the CSR request with the server certificate.
10.
11. Highlight the desired certificate, right-click All Tasks > Export. 12. When the Certificate Export wizard opens, click Next. 13. Select Yes, export the private key and click Next. 14. Select Personal Information Exchange - PKCS #12 (.PFX) and then select the sub-options Include all certificates in the certification path if possible and Export all extended properties. Click Next. 15. Enter and confirm a password. This can be any password of your choosing.
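The installer NOTEs require that an imported .pfx carries the full trust chain, and the export steps above select "Include all certificates in the certification path if possible" for that reason. A pre-import check of an exported file is sketched below as an added example that is not part of the Dell guide; the function name Test-PfxTrustChain and the sample path are assumptions.

```powershell
# Added example, not from the Dell guide. Test-PfxTrustChain and the sample path are
# hypothetical names. Nothing is added to a certificate store; the private key is held
# in a temporary key container only while the objects are alive.
function Test-PfxTrustChain {
    param(
        [Parameter(Mandatory)][string]$PfxPath,
        [Parameter(Mandatory)][securestring]$Password
    )
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $certs = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
    $certs.Import((Resolve-Path $PfxPath).ProviderPath, $plain, 'DefaultKeySet')

    # The server certificate is the one entry exported together with its private key.
    $leaf = @($certs | Where-Object HasPrivateKey)
    if ($leaf.Count -ne 1) {
        throw "Expected exactly one certificate with a private key, found $($leaf.Count)"
    }
    $leaf = $leaf[0]

    # Build the path offline. Windows may complete it from the local stores, so each
    # element is compared against the PFX contents afterwards.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    $chain.ChainPolicy.ExtraStore.AddRange($certs)
    [void]$chain.Build($leaf)

    $inPfx    = @($certs | ForEach-Object { $_.Thumbprint })
    $elements = @($chain.ChainElements | ForEach-Object { $_.Certificate })
    $missing  = @($elements | Where-Object { $_.Thumbprint -notin $inPfx })
    $root     = $elements[-1]
    $status   = ($chain.ChainStatus | ForEach-Object { "$($_.Status)" }) -join ','
    $partial  = $status -match 'PartialChain'

    [pscustomobject]@{
        Subject        = $leaf.Subject
        NotAfter       = $leaf.NotAfter
        SelfSigned     = ($leaf.Subject -eq $leaf.Issuer)
        ChainLength    = $elements.Count
        PartialChain   = $partial
        MissingFromPfx = @($missing | ForEach-Object { $_.Subject })
        # Ready only when the path reaches a self-signed root and every
        # certificate on that path is inside the PFX itself.
        ReadyToImport  = (-not $partial) -and ($missing.Count -eq 0) -and
                         ($root.Subject -eq $root.Issuer)
    }
    $chain.Reset()
}

# Usage (the path is a constructed example):
$pw = Read-Host -AsSecureString 'PFX password'
Test-PfxTrustChain -PfxPath 'C:\Temp\server.pfx' -Password $pw
```

If MissingFromPfx lists an intermediate or root certificate, re-export with the chain option selected before running the installer.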