立即与支持人员聊天
与支持团队交流

KACE Systems Deployment Appliance 9.2 Common Documents - Administrator Guide

About the KACE Systems Deployment Appliance Getting started Using the Dashboard Configuring the appliance Setting up user accounts and user authentication Configuring security settings Preparing for deployment Managing device inventory Using labels Creating a Windows or Linux Boot Environment Managing drivers Capturing images Capturing user states Creating scripted installations Creating a task sequence Automating deployments Performing manual deployments Managing custom deployments Managing offline deployments About the Remote Site Appliance Importing and exporting appliance components Managing disk space Troubleshooting appliance issues Updating appliance software Glossary About us Legal notices

Enable SSL using an existing certificate

Enable SSL using an existing certificate

By default, SSL is disabled. You can use an existing SSL certificate, an intermediate certificate, or a self-signed certificate to run your appliance on a secure web browser. Using an existing certificate requires having an SSL private key and ensuring that port 80 is open.

1.
On the left navigation pane, click Settings > Control Panel to display the Control Panel, then click Security to display the Security Settings page.
2.
Click Enable SSL and click I already have an SSL certificate, Can I use it?
3.
Click Use My Certificate.
4.
Under Optional SSL Settings, select one of the following certificate types:

The secure web browser using https is available.

Generate private key for new SSL certificate

Generate private key for new SSL certificate

By default, SSL is disabled. You can generate a private key to enable SSL after you generate a new certificate. You can use a valid self-signed certificate if you have a private key or a PKCS-12 file, and the private key and certificate were generated from the same Certificate Signing Request (CSR).

1.
On the left navigation pane, click Settings > Control Panel to display the Control Panel, then click Security to display the Security Settings page.
2.
Click Enable SSL to use a new certificate or a valid self-signed SSL certificate. Note that Quest KACE does not recommend using a self-signed certificate.
1.
Click Get New SSL Certificate to display the SDA Advanced SSL Settings wizard.
Click Can I use a self-signed certificate instead?, then click Save and Restart Apache.

Disable SSL

Disable SSL

You can disable the secure web browser that the appliance is running on by disabling SSL (Secure Sockets Layer).

1.
On the left navigation pane, click Settings > Control Panel to display the Control Panel, then click Security to display the Security Settings page.
2.
Click Enabled ports: 80, 443 (change).
4.
Click Apply Changes.

The HTTPS browser is now unavailable.

Enable Two-Factor Authentication

Enable Two-Factor Authentication

Two-Factor Authentication (2FA) provides stronger security for users logging into the appliance by adding an extra step to the login process. It relies on the authenticator app to generate verification codes. The app generates a new six-digit code at regular intervals. When administrators enable 2FA on the appliance, applicable end users are prompted for a verification code each time they log in.

Start by installing the authenticator app on your mobile Android or iOS device. You can download the app from Google Play and Apple App Store.

Only users with Admin-level permissions have the ability to enable 2FA. Read-only administrators cannot manage this feature.

NOTE: Using the reset_admin_password command to reset the administrator's password also resets the 2FA token. For more information about this command, see Use the Command Line Console to reset the Administrator's password.
1.
On the left navigation pane, click Settings > Control Panel to display the Control Panel, then click Security to display the Security Settings page.
2.
On the Security Settings page, under Two-Factor Authentication, select Enable Two-Factor Authentication.
3.
Click Save.
4.
Complete the 2FA configuration on the Configure Two-Factor Authentication page that appears.
d.
In the Verification Code field, type the 6-digit code from the authenticator app.
e.
Click Finish Configuration.
The Configure Two-Factor Authentication page closes and the Dashboard appears, indicating that you are now logged in to the appliance with the newly configured 2FA credentials.
a.
On the left navigation pane, click Settings > Control Panel to display the Control Panel, then click Security to display the Security Settings page.
b.
When you enable 2FA on the appliance, only those users who have 2FA enabled can log in using this additional layer of security. To enforce 2FA for all users logging into the appliance, under Two-Factor Authentication, select Require Two-Factor Authentication for all users. This option overrides the 2FA configuration associated with individual user accounts. For more information, see Add or edit local administrator accounts.
c.
To specify the length of time during which users who require 2FA can bypass 2FA authentication, under Transition Window, specify the desired time period. This way, for example, if a user leaves their phone at home and cannot generate a new code, they can still access the appliance during the specified amount of time.
6.
Click Save.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级