Secure Sockets Layer (SSL) encryption and server certificates
Service Manager supports Secure Hypertext Transfer Protocol (HTTPS), which encrypts and decrypts message requests and responses. Service Manager uses Secure Sockets Layer (SSL) for encryption only and relies on the server to authenticate each operator's user name and password. Service Manager supports SSL for the following connections:
- SSL on the Service Manager server to encrypt all communications between clients and the server.
- SSL on Service Manager clients to verify the client's identity and limit server connections to these identified clients.
Enabling SSL on the Service Manager server
The primary reason to enable SSL on the Service Manager server is to protect operator user names and passwords that Service Manager clients send with each request as part of an HTTP Basic Authorization header. You can enable SSL on the Service Manager server but not require each client to present an individual client certificate. When you enable SSL on the server only, clients connect to the server using anonymous SSL.
Enabling SSL on Service Manager clients
The primary reason to enable SSL on Service Manager clients is to restrict access to the server to only those clients known and identified by the server. Enabling client-side SSL requires creating or purchasing signed certificates for each Service Manager client. The Service Manager Web Tier can share a single signed certificate for all Web Client connections. If you enable client-side SSL, we recommend you also enable server-SSL to encrypt all communications between clients and the server.
The client/server SSL handshake process
During the client/server handshake process, the client looks at the server certificate, determines which certificate authority signed the certificate, and compares the certificate signature to a list of trusted certificate authorities identified in the cacerts file. Service Manager includes a sample server certificate signed by a fictitious certificate authority and also includes a modified cacerts file that includes the certificate for the fictitious certificate authority.
The client also compares the IP address or host name of the server to the address recorded in the server certificate. If they do not match, an alert appears and the user can stop the connection. When you start a new installation of Service Manager, it suppresses the alerts. To ensure a secure environment, remove the sample server certificate, install an actual certificate, and modify the cacerts file to list the appropriate certificate authority.
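The address comparison described above, written out as an added example (it is not Service Manager code; in practice the TLS library performs this check). It assumes a certificate decoded into the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns and matches against subjectAltName entries only; the host names and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample: a decoded server certificate, in getpeercert() form.
SAMPLE_CERT = {
    "subject": ((("commonName", "smserver.example.com"),),),
    "subjectAltName": (
        ("DNS", "smserver.example.com"),
        ("DNS", "*.sm.example.com"),
        ("IP Address", "192.0.2.10"),
    ),
}


def _dns_match(pattern: str, host: str) -> bool:
    """Compare one DNS entry with a host name, ignoring case.

    A '*' is honoured only as the whole left-most label and stands for
    exactly one label, so '*.sm.example.com' does not cover 'a.b.sm.example.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def server_identity_matches(cert: dict, address: str) -> bool:
    """Return True if the address the client dialled appears in the certificate."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP address is compared only with IP entries, never with DNS names.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, address)
               for kind, value in sans)
```

A `False` result corresponds to the mismatch alert; with alerts suppressed, that result never reaches the user.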