Enabling Ssl For The Secure Web Server; Ssl Client Certificate Management; Ssl Client Trusted Certificate Management - Lenovo RD220 - ThinkServer - 3798 User Manual

openssl req -in csr.der -inform DER -out csr.pem -outform PEM
7. Send the certificate-signing request to your certificate authority. When the
certificate authority returns your signed certificate, you might have to convert
the certificate to DER format. (If you received the certificate as text in an
e-mail or a Web page, it is probably in PEM format.) You can change the
format using a tool that is provided by your certificate authority or using a
tool such as OpenSSL (http://www.openssl.org). The command for converting
a certificate from PEM to DER format is similar to the following example:
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
Go to step 8 after the signed certificate is returned from the certificate
authority.
8. In the navigation pane, click Security. Scroll to the SSL Server Certificate
Management area.
9. Click Import a Signed Certificate.
10. Click Browse.
11. Click the certificate file that you want and then click Open. The file name
(including the full path) is displayed in the field next to the Browse button.
12. Click Import Server Certificate to begin the process. A progress indicator is
displayed as the file is transferred to storage on the IMM. Continue to display
this page until the transfer is completed.

Enabling SSL for the secure Web server

Note: To enable SSL, a valid SSL certificate must be installed.
Complete the following steps to enable the secure Web server:
1. In the navigation pane, click Security. The page that is displayed shows that a
valid SSL server certificate is installed. If the SSL server certificate status does
not show that a valid SSL certificate is installed, go to "SSL server certificate
management" on page 40.
2. Scroll to the SSL Server Configuration for Web Server area, select Enabled in
the SSL Client field, and then click Save. The selected value takes effect the
next time the IMM is restarted.

SSL client certificate management

The SSL client requires that a valid certificate and corresponding private
encryption key be installed before SSL is enabled. Two methods are available for
generating the private key and required certificate: using a self-signed certificate,
or using a certificate signed by a certificate authority.
The procedure for generating the private encryption key and certificate for the SSL
client is the same as the procedure for the SSL server, except that you use the SSL
Client Certificate Management area of the Security Web page instead of the SSL
Server Certificate Management area. If you want to use a self-signed certificate for
the SSL client, see "Generating a self-signed certificate" on page 40. If you want to
use a certificate authority signed certificate for the SSL client, see "Generating a
certificate-signing request" on page 40.

SSL client trusted certificate management

The secure SSL client (LDAP client) uses trusted certificates to positively identify
the LDAP server. A trusted certificate can be the certificate of the certificate
authority that signed the certificate of the LDAP server, or it can be the actual
Chapter 3. Configuring the IMM
43