Table of Contents
Advertisement
Chapter 16: Updating Enterprise Scanner
Configuring Explicit-Trust Authentication with an XPU Server
Introduction
Requirements
Procedure
220
You can configure the authentication between an agent and a SiteProtector X-Press
Update Server (XPU Server) to use either trust-all or explicit-trust authentication.
Trust-all authentication requires no additional set up, but it is less secure than explicit-
●
trust authentication.
Explicit-trust authentication is more secure than trust-all authentication; but to use it,
●
you must copy the certificate file from the alternate XPU Server to the agent.
Follow the procedure in this topic to configure explicit-trust authentication.
To use explicit-trust authentication with an XPU Server, do the following:
Requirements
Copy the certificate file from the XPU Server to the agent as described in the procedure
below.
Specify the fully qualified path of the certificate file in the CA Certificate box when you
configure the XPU Server as described in Step 3 of the procedure on page 221.
Table 82: Requirements for explicit-trust authentication
To configure the agent to use explicit-trust authentication with the XPU Server:
1. Locate the following certificate file on the XPU Server:
server-rsa.crt
The default path of the certificate file on the XPU Server is as follows:
Note:
C:\Program Files\ISS\SiteProtector\X-Press Update
Server\webserver\Apache2\conf\ssl.crt\server-rsa.crt
2. Use a secure copy tool, such as SSH or Windows Secure Copy, to copy the certificate
file ( server-rsa.crt ), and then paste it into the following directory on the agent:
/var/spool/leafcerts/
3. Rename the certificate file using the following format:
IPAddress_port.pem
The port for the XPU Server is 3994. Enterprise Scanner recognizes the XPU
Note:
Server by the IP address.
IBM Internet Security Systems
Advertisement
Table of Contents
