
SSL certificate handling

This topic provides information about the administration of certificates that can be used with the SSL security protocol.

You can use SSL with a self-signed certificate or with a certificate that is signed by a third-party certificate authority. Using a self-signed certificate is the simplest method for using SSL; however, it does create a small security risk. The risk arises because the SSL client has no way of validating the identity of the SSL server for the first connection that is attempted between the client and server. For example, it is possible that a third party might impersonate the IMM2 web server and intercept data that is flowing between the actual IMM2 web server and the user's web browser. If, at the time of the initial connection between the browser and the IMM2, the self-signed certificate is imported into the certificate store of the browser, all future communications will be secure for that browser (assuming that the initial connection was not compromised by an attack).
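One way to close the first-connection gap is to compare the SHA-256 fingerprint of the certificate that the server presents with a reference fingerprint recorded over a path you already trust, before importing the certificate. The following is an added example, not code from the IMM2 documentation; the function names are hypothetical, the reference fingerprint is assumed to have been obtained out of band, and the sample certificates are constructed stand-in bytes.

```python
import hashlib
import hmac
import ssl


def sha256_fingerprint(pem_cert: str) -> str:
    """Return the SHA-256 fingerprint (lowercase hex) of a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hashlib.sha256(der).hexdigest()


def normalize(fingerprint: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return lowercase hex."""
    cleaned = fingerprint.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def matches_reference(pem_cert: str, reference_fingerprint: str) -> bool:
    """True only if the presented certificate is the one recorded earlier."""
    presented = sha256_fingerprint(pem_cert)
    return hmac.compare_digest(presented, normalize(reference_fingerprint))


def check_server(host: str, reference_fingerprint: str, port: int = 443) -> bool:
    """Fetch the certificate a server presents, without chain validation,
    and compare it with the reference. A self-signed certificate cannot be
    validated against a CA, so the fingerprint is the only identity check."""
    pem = ssl.get_server_certificate((host, port))
    return matches_reference(pem, reference_fingerprint)


# Constructed sample data: placeholder bytes standing in for DER certificates.
GENUINE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in: genuine certificate")
IMPOSTER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in: impersonator certificate")

# Reference fingerprint as it would be written down out of band (AA:BB:.. form).
_hex = sha256_fingerprint(GENUINE_PEM)
REFERENCE = ":".join(_hex[i:i + 2] for i in range(0, 64, 2)).upper()

if __name__ == "__main__":
    print("genuine :", matches_reference(GENUINE_PEM, REFERENCE))
    print("imposter:", matches_reference(IMPOSTER_PEM, REFERENCE))
```

Import the certificate into the browser only when the comparison succeeds; a mismatch means the certificate on the wire is not the one that was recorded.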

For more complete security, you can use a certificate that is signed by a certificate authority (CA). To obtain a signed certificate, click Generate a New Key and a Certificate Signing Request (CSR) in the Actions menu. You must then send the CSR to a CA and make arrangements to obtain a final certificate. When the final certificate is received, import it into the IMM2 by clicking Import a Signed Certificate in the Actions menu.

The function of the CA is to verify the identity of the IMM2. A certificate contains digital signatures for the CA and the IMM2. If a well-known CA issues the certificate or if the certificate of the CA has already been imported into the web browser, the browser can validate the certificate and positively identify the IMM2 web server.

The IMM2 requires a certificate for use with HTTPS Server, CIM over HTTPS, and the secure LDAP client. In addition, the secure LDAP client requires one or more trusted certificates to be imported. The trusted certificate is used by the secure LDAP client to positively identify the LDAP server. The trusted certificate is the certificate of the CA that signed the certificate of the LDAP server. If the LDAP server uses self-signed certificates, the trusted certificate can be the certificate of the LDAP server itself. Additional trusted certificates must be imported if more than one LDAP server is used in your configuration.