Table of Contents
Advertisement
Chapter 11: Web Logins
Upload the certificate as follows:
2.
a)
b)
Click the Web Logins tab in the administrator console, and then click the SSL
3.
Certificate tab.
The SSL Certificate Generation page appears.
Mark the Use an uploaded PKCS #12 certificate checkbox on the SSL Certificate
4.
Generation page. In the Select certificate for Login drop-down list, choose the
certificate you uploaded earlier. There is no need to complete the remaining text
boxes in this page.
5.
Click Process to store the information and enable the PKCS #12 certificate as the
login page certificate.
Many providers issue certificates that certify the requester's host name rather than an
6.
IP address. If your certificate is host name-based, you must ensure that:
•
•
Special note about Certificate Revocation Lists
Some CAs put additional information into the certificates they issue, supplying the URL for
a Certificate Revocation List (CRL), which lists those certificates the CA has decided not to
certify any more. (This may happen, for example, for a web site that has been found to
install malicious software – the CA may decide not to vouch for the information about that
web server any more.)
If you use a certificate from a CA that publishes a Certificate Revocation List on the web,
there will be a URL address for the CRL in the root certificate, or the Web SSL certificate,
or in one of the chain certificates. You can see this address if you view the certificate
using the BSC option or other software.
If you use a certificate from a CA who uses CRLs, you will need to change the settings for
the "unregistered" role and all other roles to allow access to this special CRL. Otherwise,
some browsers may block users from logging in.
Recovering the Private Key
When you submit a CSR to a certificate provider, a private key for the certificate is also
generated and stored on the BSC. If the private key is lost or corrupted for any reason,
the certificate will no longer work. For that reason, it is good practice to either back up
the BSC database (as described in "Backup" on page 16-3) or download the private key
to your computer (as described on page 11-24) so that you can upload the "known
good" key to the BSC later.
To recover a previously saved or downloaded private key:
Click the Web Logins tab in the administrator console, and then click the SSL
1.
Certificate tab.
11-26
Mark the BSC Client Certificate radio button.
Click Browse, locate the file for the new certificate on your computer, and then
click Upload to upload it to the BSC.
The Redirect to hostname checkbox is checked in HTTP settings in the General
tab. For more information on this option, see "HTTP Server Settings" on page 10-
2.
The host name is registered in your organization's DNS table.
Advertisement
Table of Contents
