Brocade Communications Systems 12.4.00a Manual De Usuario
ServerIron ADX Security Guide
141
53-1002440-03
Configuring SSL on a ServerIron ADX
6
Once a key pair is generated it can be saved for backup on your server by exporting it as described
in
in
Also, you can import a keypair file (instead of generating it) as described in
NOTE
The ServerIron ADX supports keys in PEM (Privacy Enhanced Mail) or PKCS12 (Public Key
Cryptography Standard 12) formats.
Cryptography Standard 12) formats.
Certificate management
All configuration options used with the SSL acceleration features of the ServerIron ADX require that
you obtain a Certificate and upload it to the system. The following methods can be used to obtain
as certificate.
you obtain a Certificate and upload it to the system. The following methods can be used to obtain
as certificate.
•
•
•
Once a digital certificate and a keypair are obtained you can Import them to the ServerIron ADX
using the procedures described in
using the procedures described in
on page 148. This section also
describes how to configure a list of certificates that have been revoked by a CA in
Generating a Self-Signed Certificate
Before generating a self-signed certificate, you must obtain an RSA key pair as described in
Once you’ve obtained the RSA key pair, you can generate a self-signed certificate as shown in the
following example.
following example.
ServerIronADX# ssl gencert certkey testkey signkey testkey brocade123 testcert
You are about to be asked to enter information that will be incorporated into
your certificate request. The information you enter is what is called a
Distinguished Name or a DN.
Country name (2 letter code) [US] US
State or province (full name) [Some state] TX
Locality name (city) [Some city] Dallas
Organization name (Company name) Brocade
Organizational unit name (department) Engineering
Common name (your domain name) www.brocade.com
Email address [webadmin@brocade.com] se@brocade.com
Syntax: ssl gencert certkey <key-pair-file> signkey <key-pair-file> <password> <cert-name>
The <key-pair-file> variable is the name of the RSA key pair used to build and sign this certificate. It
is created using the ssl genrsa command.
is created using the ssl genrsa command.
The <password> variable is the password that is used to store this certificate.
The <cert-name> variable is the filename used to store the generated certificate. This file name
can contain a maximum of 32 characters.
can contain a maximum of 32 characters.