To avoid security warning messages from your web browser
when you access Lenovo XClarity Administrator, you can download a copy of the current Certificate Authority
(CA) certificate, in PEM or DER format, to your local system, and
then import that certificate into your web browser's list of trusted
certificates.
About this task
XClarity Administrator supports RSA-3072/SHA-384, RSA-2048/SHA-256, and ECDSA
p256/SHA-256 certificate signatures. Other algorithms such as
SHA-1 stronger or SHA hashes might be supported depending on your
configuration. Consider the selected cryptographic mode in
XClarity Administrator (see
Configuring cryptography settings on the management server),
the selected security settings for managed servers (Configuring the security settings for a managed server), and the capabilities
of other software and devices in your environment. ECDSA certificates
that are based on some elliptic curves (including p256), but not all
elliptic curves, are supported on the Trusted Certificates page and
in the signing chain of the
XClarity Administrator certificate but
are not currently supported for
use by the
XClarity Administrator server certificate.
Note: XClarity Administrator uses RSA- 3072/SHA-384 certificate signatures for servers with XCC2 in Strict mode.
Procedure
To download the server certificate, complete the following steps.
- From the XClarity Administrator menu bar, click to display the Security
page.
- Click Certificate Authority under
the Certificate Management section. The Certificate Authority page is displayed.
- Click Download Certificate Authority Root Certificate.
- Click Save as der or Save as pem to save the server certificate as a DER or
PEM file on your local system.
- Import the downloaded certificate into the list of trusted
root authority certificates for your browser.
Firefox:
- Open the browser, and click .
- Click the Certificates tab.
- Click View certificates.
- Click Import, and browse to the location
where the certificate was downloaded.
- Select the certificate, and click Open.
Internet Explorer:
- Open the browser and click .
- Click Certificates to see a list of all
certificates that are currently trusted.
- Click Import to display the Certificate
Import wizard.
- Complete the wizard to import the certificate.