默认情况下,Cyber​​ark Vault Server将使用自签名中国体育彩票开奖。有一个选项可以部署CA签名中国体育彩票开奖以用于为客户端创建安全通道。通过这种方式,用户可以安全地对zhrid方进行身份验证。

如果您在Vault Server控制台上看到此消息,则使用自签名中国体育彩票开奖:

“ITATP044W安全警告 - Vault中国体育彩票开奖是自签名的,建议使用带有Vault配置的CA签名中国体育彩票开奖”

注意:如果您有Vault Dr,则必须将以下过程重复到DR服务器。

为拱顶生成中国体育彩票开奖签名请求

此过程在Vault Server上创建私钥,并由组织的SSL签名中国体育彩票开奖签名请求(CSR)。

安装Vault Server组织SSL Cert

此过程在Vault应用程序上安装您的签名组织SSL中国体育彩票开奖。

参考

附录


C:\Program Files (x86)\PrivateArk\Server> Cacert. .exe /?
Usage: CACert <command> [command parameters]
       If no command parameter is specified, you will be prompted for input.
CACert commands:
request         - Prepares certificate signing request (CSR) file
install         - Installs certificate to be used by the vault
uninstall       - Uninstalls the current vault certificate
import          - Imports and installs a certificate from a ".pfx" file
show            - Shows current vault certificate information
renew           - Renews the current vault certificate
setca           - Handles CA certificates store

Option preceeded with '*' is mandatory
"request" command options:
* /ReqOutFile      - 请求输出文件的名称
  /ReqOutPrvFile   - 私钥输出文件 (default is server private key)
  /KeyBitLen       - Bit length of output private key (default is 2048)
  /Country         - Country Name (2 letters code)
  /State           - State or Province Name (full name)
  /Locality        - Locality Name (eg, city)
  /Org             - Organization Name (eg, company)
  /OrgUnit         - Organizational Unit Name (eg, section)
* /CommonName      - Common Name (eg, DNS name of the vault)
  /SubjAlt         - Subject alternative names (eg, "DNS:www.cyber-ark.com, IP:1
92.168.41.1")
"install" command options:
* /CertFileName    - Full path of the certificate file to install
"uninstall" command options:
  /Quiet           - Uninstalls the vault certificate without user confirmation
"import" command options:
* /InFile          - Full path of the file that contains the key and certificate
 to import (.pfx)
  /Password        - Password of the .pfx file
"show" command options:
  /OutFormat       - Output format: TEXT, PEM OR DER (default is TEXT)
"renew" command options:
* /RenOutFile      - Certificate renewal output file name
"setca" command options:
  /CertStore       - Certificate store to work with. If parameter is ommited, th
e vault trusted client CA's store is selected
  /List            - Lists subjects of certificates in a store
  /Add             - Name of certificate file to add to the store
  /Remove          - Name of certificate file to remove from the store

C:\Program Files (x86)\PrivateArk\Server>

来自Blogger. //blog.fabiandinkins.com/2020/07/replace-cyberark-vault-server-self.html

经过 jonny.

发表评论