Information tab
This screen displays the detailed information of the SSL certificate now in use by the Onboard Administrator. An SSL certificate is used to certify the identity of Onboard Administrator and is required by the underlying HTTP server to establish a secure (encrypted) communications channel with the client web browser.
On initial start up, Onboard Administrator generates a default self-signed SSL certificate valid for 10 years, and the certificate is issued to the name of the Onboard Administrator. Because this default certificate is self-signed, the issued by box is also set to the same name.
Status information
Description Item
The certificate subject common name. Cert Common Name
Certificate information
Description Item
The certificate authority that issued the certificate. Issued by
The date from which the certificate is valid. Valid from
The date the certificate expires. Valid until
The serial number assigned to the certificate by the certifying authority.
Serial Number
Version number of current certificate. Version
A validation of authenticity embedded in the certificate. MD5 Fingerprint
A validation of authenticity embedded in the certificate. SHA1 Fingerprint
Required Information
Description Item
The two-character country code that identifies the country where the Onboard Administrator is located.
Country (C)
The state or province where the Onboard Administrator is located. State or Province (ST)
The city or locality where the Onboard Administrator is located. City or Locality (L)
The company that owns this Onboard Administrator. Organization Name (O)
Optional data
Description Item
The person responsible for the Onboard Administrator. Contact Person
The email address of the person responsible for the Onboard Administrator. Email Address
The unit within the company or organization that owns the Onboard Administrator. Organizational Unit
The surname of the person responsible for the Onboard Administrator. Surname
The given name of the person responsible for the Onboard Administrator. Given Name
The initials of the person responsible for the Onboard Administrator. Initials
The distinguished name qualifier of the Onboard Administrator. DN Qualifier
Certificate-signing request attributes
Description Item
This is for additional information. Unstructured Name
Certificate Request tab
The Certificate Request tab enables you to enter the information needed to generate a self-signed certificate or a standardized certificate-signing request to a certificate authority.
Required Information
Description Possible values
Item
A valid country code that identifies the country where the Onboard Administrator is located. Must be one to two characters in length.
Acceptable characters are all alphanumeric, Country (C)
a space, and the following punctuation marks: ' ( ) + , - . / : = ?
The state or province where the Onboard Administrator is located.
Must be 1 to 30 characters in length. State or Province (ST)
The city or locality where the Onboard Administrator is located.
Must be 1 to 50 characters in length. City or Locality (L)
The organization that owns this Onboard Administrator. When this information is used Must be 1 to 60 characters in length.
Organization Name (O)
to generate a certificate-signing request, the certificate issuing authority can be sure that the organization requesting the certificate is legally entitled to claim ownership of the given company name or organization.
The Onboard Administrator name that appears in the browser web address box.
Must be 1 to 60 characters in length. To prevent security alerts, the value of this box Common Name (CN)
must match exactly the host name as it is known by the web browser. The web browser compares the host name in the resolved web address to the name that appears in the certificate. For example, if the web address in the address box is
https://oa-001635.xyz.com, then the value must be oa-001635.xyz.com.
SelectStandby OA Host Nameto include a request for a Standby Onboard Administrator certificate. Enter the information in theStandby Common Name (CN)box, which must be 1 to 60 characters in length. This selection appears only if you have a Standby Onboard Administrator in the enclosure.
Optional Information
Description Possible values
Item
An alternate name for the Onboard Administrator.
Must be 0 to 512 characters in length. Alternative Name
The field must either be empty or contain a list of keyword:value pairs separated by commas. The valid keyword:value entries include IP:<ip address>and DNS:<domain name>. The person responsible for the Onboard Administrator.
Must be 0 to 60 characters in length. Contact Person
The email address of the contact person responsible for the Onboard Administrator. Must be 0 to 60 characters in length.
Email Address
The unit within the company or organization that owns the Onboard Administrator. Must be 0 to 60 characters in length.
Organizational Unit
The surname of the person responsible for the Onboard Administrator.
Must be 0 to 60 characters in length. Surname
The given name of the person responsible for the Onboard Administrator.
Must be 0 to 60 characters in length. Given Name
Description Possible values
Item
The initials of the person responsible for the Onboard Administrator.
Must be 0 to 20 characters in length. Initials
The distinguished name qualifier of the Onboard Administrator.
Must be 0 to 60 characters in length. Acceptable characters are all alphanumeric, DN Qualifier
the space, and the following punctuation marks: ' ( ) + , - . / : = ?
Certificate-signing request attributes
Description Possible values
Box
The password for the certificate-signing request Must be 0 to 30 characters in length
Challenge Password
Confirm the Challenge Password Must be 0 to 30 characters in length
Confirm Password
This is for additional information (for example, an unstructured name that is assigned to the Onboard Administrator)
Must be 0 to 60 characters in length Unstructured Name
To generate a self-signed certificate or a standardized certificate-signing request, click theApply
button.
Standardized certificate-signing request
This screen displays a standardized certificate signing request generated by the Onboard
Administrator. The content of the request in the text box may can be sent to a certificate authority of your choice for signing. Once signed and returned from the certificate authority, the certificate can be uploaded under theCertificate Uploadtab.
If a static IP address is configured for Onboard Administrator when this certificate request is generated, the certificate request will be issued to the static IP address. Otherwise, it is issued to the dynamic DNS name of the Onboard Administrator. The certificate, by default, requests a valid duration of 10 years (this value is now not configurable).
When submitting the request to the certificate authority, be sure to:
• Use the Onboard Administrator URL for the server.
• Request the certificate be generated in the RAW format.
• Include the Begin and End certificate lines. Active Onboard Administrator Certificate Upload tab
Upload certificates for use in an Onboard Administrator in the following ways:
• Paste certificate contents into the text box and click theUploadbutton.
• Paste the URL of the certificate into the URL box and click theApplybutton.
The certificate to be uploaded must be from a certificate request sent out and signed by a certificate authority for this particular Onboard Administrator. Otherwise, the certificate fails to match the private keys used to generate the certificate request, and the certificate is rejected. Also, if the Onboard Administrator domain has been destroyed or re-imported, then you must repeat the steps for generating a certificate request. The certificate is re-signed by a certificate authority because the private keys are destroyed and recreated along with the Onboard Administrator domain. If the new certificate is successfully accepted and installed by the Onboard Administrator, you are automatically signed out. The HTTP server must be restarted so that the new certificate takes effect.