3.9.2.1 Verifying a certificate

You can verify the authenticity of the certificate by viewing it with your browser.

After logging in to the appliance, choose SettingsSecurity to view the certificate. Make note of these attributes for comparison:

Fingerprints (especially)

Names

Serial number

Validity dates

Compare this information to the certificate displayed by the browser, that is, when browsing from outside the appliance.

3.9.2.2 Downloading and importing a self-signed certificate

The advantage of downloading and importing a self-signed certificate is to circumvent the browser warning.

In a secure environment, it is never appropriate to download and import a self-signed certificate, unless you have validated the certificate and know and trust the specific appliance.

In a lower security environment, it might be acceptable to download and import the appliance certificate if you know and trust the certificate originator. However, HP does not recommend this practice.

Microsoft Internet Explorer and Google Chrome share a common certificate store. A certificate downloaded with Internet Explorer can be imported with Google Chrome as well as Internet Explorer. Likewise, a certificate downloaded with Google Chrome can also be imported by both browsers. Mozilla Firefox has its own certificate store, and must be downloaded and imported with that browser only.

The procedures for downloading and importing a self-signed certificate differ with each browser.

Downloading a self-signed certificate with Microsoft Internet Explorer 9

1.Click in the Certificate error area.

2.Click View certificate.

3.Click the Details tab.

4.Verify the certificate.

5.Select Copy to File...

6.Use the Certificate Export Wizard to save the certificate as Base-64 encoded X.509 file.

Importing a self-signed certificate with Microsoft Internet Explorer 9

1.Select ToolsInternet Options.

2.Click the Content tab.

3.Click Certificates.

4.Click Import.

5.Use the Certificate Import Wizard.

a.When it prompts you for the certificate store, select Place….

b.Select the Trusted Root Certification Authorities store.

3.9.3 Using a certificate authority

Use a trusted CA (certificate authority) to simplify certificate trust management; the CA issues certificates that you import. If the browser is configured to trust the CA, certificates signed by the CA are also trusted. A CA can be internal (operated and maintained by your organization) or external (operated and maintained by a third-party).

3.9 Managing certificates from a browser 51

Page 51
Image 51
HP OneView Using a certificate authority, Verifying a certificate, Downloading and importing a self-signed certificate