Configuring security

Use the procedures in this section to configure security for the management-module web server and to configure security for the connection between the management module and an LDAP server.

If you are not familiar with the use of SSL certificates, read the information in SSL certificate overview.

The content of the Security web page is context-sensitive. The selections that are available on the page change when certificates or certificate-signing requests are generated, when certificates are imported or removed, and when SSL is enabled or disabled for the client or the server.

Perform the following general tasks to configure security for the management module:

  1. Configure the SSL server certificates for the secure web server:
    1. Disable the SSL server. Use the SSL Server Configuration for Web Server section on the MM Control → Security page.
    2. Generate or import a certificate. Use the SSL Server Certificate Management section on the MM Control → Security page. (See SSL server certificate management.)
    3. Enable the SSL server. Use the SSL Server Configuration for Web Server section on the MM Control → Security page. (See Enabling SSL for the secure web server.)
  2. Configure the SSL client certificates for secure LDAP connections:
    Note: SSL client certificate management is optional. You can still enable the SSL client for LDAP without generating a self-signed certificate or importing a signed certificate to the client.
    1. Disable the SSL client. Use the SSL Client Configuration for LDAP Client section on the MM Control → Security page.
    2. Generate or import a certificate. Use the SSL Client Certificate Management section on the MM Control → Security page. (See SSL client certificate management.)
    3. Import one or more trusted certificates. Use the SSL Client Trusted Certificate Management section on the MM Control → Security page. (See SSL client trusted certificate management.)
    4. Enable the SSL client. Use the SSL Client Configuration for LDAP Client section on the MM Control → Security page. (See Enabling SSL for the LDAP client.)
    Notes:
    • Changes to the SSL client configuration take effect immediately and do not require a restart of the management module.
    • For the advanced management module, the following configuration changes to SSH, SMASH, and Secure SMASH no longer require a restart of the advanced management module:
      • Enable/disable SSH or Secure SMASH
      • Generate new SSH Host Keys
      • Change the port number for SSH or Secure SMASH
      • Install, delete or modify SSH public keys that are used for authentication