cpca_client set_mgmt_tool

Description

Controls the ICA Management Tool.

Note:

On a Multi-Domain Server, you must run this command in the context of the applicable Domain Management Server:

mdsenv <IP Address or Name of Domain Management Server>

See sk102837: Best Practices - ICA Management Tool configuration

Syntax

cpca_client [-d] set_mgmt_tool {on | off | add | remove | clean | print} [-p <CA port number>] {[-a <Administrator DN>] | [-u <User DN>] | [-c <Custom User DN>]}

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

on

Starts the ICA Management Tool.

off

Stops the ICA Management Tool.

add

Adds the specified administrator, user, or custom user that is permitted to use the ICA Management Tool.

remove

Removes the specified administrator, user, or custom user that is permitted to use the ICA Management Tool.

clean

Removes all administrators, users, or custom users that are permitted to use the ICA Management Tool.

print

Shows the configured administrators, users, or custom users that are permitted to use the ICA Management Tool.

-p <CA port number>

Optional. Specifies the TCP port on the Security Management Server or Domain Management Server, which is used to connect to the Certificate Authority.

The default TCP port number is 18265.

-a <Administrator DN>

Optional. Specifies the DN of the administrator that is permitted to use the ICA Management Tool.

Must specify the full DN as appears in SmartConsole

  1. Open Object Explorer > Users

  2. Open the Administrator object or a User object properties

  3. Click the Certificates pane

  4. Select the certificate and click the pencil icon

  5. Click View certificate details

  6. In the Certificate Info window, click the Details tab

  7. Click the Subject field

  8. Concatenate all fields

Example:

-a "CN=ICA_Tool_Admin,OU=users,O=MGMT.s6t98x"

-u <User DN>

Optional. Specifies the DN of the user that is permitted to use the ICA Management Tool.

Must specify the full DN as appears in SmartConsole:

  1. Open Object Explorer > Users

  2. Open the Administrator object or a User object properties

  3. Click the Certificates pane

  4. Select the certificate and click the pencil icon

  5. Click View certificate details

  6. In the Certificate Info window, click the Details tab

  7. Click the Subject field

  8. Concatenate all fields

Example:

-u "CN=ICA_Tool_User,OU=users,O=MGMT.s6t98x"

-c <Custom User DN>

Optional. Specifies the DN for the custom user that is permitted to use the ICA Management Tool.

Must specify the full DN as appears in SmartConsole.

  1. Open Object Explorer > Users

  2. Open the Administrator object or a User object properties

  3. Click the Certificates pane

  4. Select the certificate and click the pencil icon

  5. Click View certificate details

  6. In the Certificate Info window, click the Details tab

  7. Click the Subject field

  8. Concatenate all fields

Example:

-c "CN=ICA_Tool_User,OU=users,O=MGMT.s6t98x"

Note - If you run the "cpca_client set_mgmt_tool" command without the parameter "-a" or "-u", the list of the permitted administrators and users is not changed. The previously defined permitted administrators and users can start and stop the ICA Management Tool.

To connect to the ICA Management Tool

  1. In SmartConsole, configure the required administrator and user objects.

    You must create a certificate for these administrators and users.

    You use this certificate to configure the permitted users in the ICA Management Tool and in the client web browsers.

  2. In the command line on the Management Server, add the required administrators and users that are permitted to use the ICA Management Tool.

    cpca_client set_mgmt_tool add ...

  3. In the command line on the Management Server, start the ICA Management Tool.

    cpca_client set_mgmt_tool on

  4. Check the status of the ICA Management Tool:

    cpca_client set_mgmt_tool print

  5. Import the administrator's / user's certificate into the Windows Certificate Store:.

    1. Right-click the *.p12 file you saved when you created the required administrator / user, and click Install PFX.

      The Certificate Import Wizard opens.

    2. In the Store Location section, select the applicable option:

      • Current User (this is the default)

      • Local Machine

    3. Click Next.

    4. Enter the same certificate password you used when you created the required administrator / user certificate.

    5. Clear Enable strong private key protection.

    6. Select Mark this key as exportable.

    7. Click Next.

    8. Select Place all certificates in the following store > click Browse > select Personal > click OK.

    9. Click Next.

    10. Click Finish.

  6. In a web browser, connect to the ICA Management Tool:

    https://<IP Address of the Management Server>:18265

    Important - The fact that the TCP port 18265 is open is not a vulnerability. The ICA Management Tool Portal is secured and protected by SSL. In addition, only authorized administrators and users are allowed to access it using a certificate.

  7. A dialog box with this message appears:

    Client Authentication

    Identification

    The Web site you want to view requests identification.

    Select the certificate to use when connecting.

  8. Select the appropriate certificate for authenticating to the ICA Management Tool.

  9. Click OK.

  10. In the Security Alert dialog box, click Yes.