
HP Secure Key Manager User Manual


Table 111 Remote Administration Settings section components

Components / Description

Web Admin Server IP

The Web Admin Server IP address is the local IP address used to configure the SKM via the Management Console. You can select one specific IP address or you can select all of the IP addresses bound to the SKM. The URL used to connect to the Management Console is: https://IP-address:port.

CAUTION: We strongly recommend that you limit the Web Admin Server IP to a specific IP address. If you have four IP addresses bound to the SKM, and you select All instead of a specific IP address, then the SKM listens for Web Administration requests on four different IP addresses; whereas, if you specify a single IP address, the SKM listens for Web Administration requests on only one IP address. This can greatly reduce system vulnerability to outside attacks.

Web Admin Server Port

The Web Admin Server Port specifies the port on which the server listens for requests. The default port is 9443.

Web Admin Client Certificate Authentication

The Web Admin Client Certificate Authentication setting activates the Management Console Client Authentication feature, which requires that users present a client certificate when logging into the Management Console.

CAUTION: This feature is immediately enabled when you select this checkbox. If you select this option through the Management Console, you will be immediately logged off and will need a valid client certificate to return. If needed, you can use the edit ras settings command from the CLI to disable this feature without presenting a certificate. For more information on this feature, see Remote Administration Procedures.

Web Admin Trusted CA List Profile

This field allows you to select a profile to use to verify that client certificates are signed by a CA trusted by the SKM appliance. This option is only valid if you require clients to provide a certificate to authenticate to the KMS Server.

As delivered, the default Trusted CA List profile contains no CAs. You must either add CAs to the default profile or create a new profile and populate it with at least one trusted CA before the KMS Server can authenticate client certificates.

SSH Admin Server IP

The SSH Admin Server IP address is the IP address used to configure the SKM from the CLI. You can select one specific IP address or all of the IP addresses bound to the SKM.

CAUTION: We strongly recommend that you limit the SSH Admin Server IP to a specific IP address. If you have four IP addresses bound to the SKM, and you select All instead of a specific IP address, then the SKM listens for SSH Administration requests on four different IP addresses; whereas, if you specify a single IP address, the SKM listens for SSH Administration requests on only one IP address. This can greatly reduce system vulnerability to outside attacks.

SSH Admin Server Port

The SSH Administration Server Port specifies the port on which the server listens for requests. The default port is 22.

Edit

Click Edit to modify the remote administrator settings.

Recreate Web Cert

Click Recreate Web Cert to generate a new certificate for the remote administration Management Console. After you click Recreate Web Cert, you are presented with an intermediate page that allows you to specify the duration of the Web Admin Certificate. After you specify a value in days, click Create. You must close all browser windows and restart the browser to reconnect to the Management Console.

Recreate SSH Key

Click Recreate SSH Key to generate a new key for remote administration use via SSH. Recreating the key closes all active SSH connections.
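
The two cautions in the table about selecting All instead of a specific IP address can be checked from an administrative workstation. The following Python example is added here and is not part of the HP manual: it tests the default Web Admin (9443) and SSH Admin (22) ports on every address bound to the SKM and reports any address other than the intended one that accepts connections. The function names and the sample addresses (taken from documentation ranges) are assumptions made for illustration.

```python
import socket
import sys

WEB_ADMIN_PORT = 9443  # default Web Admin Server Port per the manual
SSH_ADMIN_PORT = 22    # default SSH Admin Server Port per the manual


def tcp_open(ip, port, timeout=2.0):
    """True if a TCP connection to ip:port is accepted within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def audit_admin_listeners(bound_ips, admin_ip,
                          ports=(WEB_ADMIN_PORT, SSH_ADMIN_PORT),
                          probe=tcp_open):
    """Compare observed listeners with the intended single-IP binding.

    Returns (ip, port, status) tuples: EXPOSED when an admin port answers on
    an address other than admin_ip, MISSING when it is silent on admin_ip.
    """
    findings = []
    for port in ports:
        for ip in bound_ips:
            is_open = probe(ip, port)
            if ip != admin_ip and is_open:
                findings.append((ip, port, "EXPOSED"))
            elif ip == admin_ip and not is_open:
                findings.append((ip, port, "MISSING"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) >= 3:
        # Usage: audit.py ADMIN_IP BOUND_IP [BOUND_IP ...]  (list every bound IP)
        admin, bound, probe = sys.argv[1], sys.argv[2:], tcp_open
    else:
        # Constructed sample: four bound addresses, Web Admin set to "All",
        # SSH Admin limited to the first address. No network traffic is sent.
        admin = "192.0.2.10"
        bound = ["192.0.2.10", "192.0.2.11", "198.51.100.10", "203.0.113.10"]
        probe = lambda ip, port: port == WEB_ADMIN_PORT or ip == admin
    for ip, port, status in audit_admin_listeners(bound, admin, probe=probe):
        print(f"{status}: {ip}:{port}")
```

A connection test only reflects what is reachable from the machine running it, so run it from a network segment that can route to every bound address.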
