Brocade Communications Systems 12.4.00a User Manual

ServerIron ADX Security Guide
53-1002440-03
Configuring SSL on a ServerIron ADX
When configuring a ServerIron ADX for either SSL Termination mode or SSL Proxy mode, you must 
perform each of the following configuration tasks:
• Obtain a Keypair File – This section describes how to obtain an SSL asymmetric key pair. You can generate an RSA key pair or import an existing key pair. See 
• Certificate Management – This section describes various methods for obtaining a digital certificate and the methods for importing keys and certificates. See 
• Basic SSL Profile Configuration – This section describes how to perform the minimum SSL profile configuration. See 
• Advanced SSL Profile Configuration – This section describes additional SSL profile configuration parameters. See 
• Configure Real and Virtual Servers for SSL Termination and Proxy Mode – This section describes the configuration details required to configure the real and virtual servers for SSL on a ServerIron ADX. See 
• Configuring Other Protocols with SSL – This section describes how to configure other popular protocols such as LDAPS, POP3S and IMAPS with SSL acceleration. See 
• Configure System Max Values – This section describes how to configure system max values for SSLv2 connection rate and memory limit for SSL hardware buffers. See
Obtaining a ServerIron ADX keypair file
The keypair file specifies the location for retrieving the SSL asymmetric key pair during an SSL 
handshake. You can either generate an RSA keypair file on a ServerIron ADX or import a 
pre-existing key pair using secure copy (SCP). The key pair is stored in flash memory and is not 
deleted during a power cycle. 
To generate an RSA keypair file, enter the following command.
ServerIronADX# ssl genrsa rsakey-file 1024 mypassword
Syntax: ssl genrsa <file-name> <key-strength> <password>
The <file-name> variable specifies the name of the keypair file. The file name can be up to 24 
characters in length. The file name supports special characters like ’-’, ’_’, ’$’, ", ’%’, ’&’, and ’!’. It 
does not support spaces and ’/’ characters.
The <key-strength> variable specifies the key strength (number of bits) for the RSA key pair. The 
RSA key strength should be 512, 768, 1024 or 2048.
NOTE
The ServerIron ADX does not support key strength greater than 2048 bits.
The <password> variable specifies the password for the file. The length of the password should not 
exceed 64 characters.
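
The limits described above can be checked before an ssl genrsa command is sent to a device. The following Python is an added example, not part of the Brocade guide or its software; the function names and the min_bits policy default of 2048 (the minimum RSA size NIST SP 800-131A accepts) are assumptions, while the file-name, key-strength and password limits are the ones documented above.

```python
# Added example (not Brocade code): pre-flight check for `ssl genrsa` arguments.
DOCUMENTED_STRENGTHS = (512, 768, 1024, 2048)  # key strengths listed in the guide
MAX_FILE_NAME = 24            # characters, per the guide
MAX_PASSWORD = 64             # characters, per the guide
FORBIDDEN_IN_FILE_NAME = {" ": "a space", "/": "'/'"}  # per the guide


def check_genrsa_args(file_name, key_strength, password, min_bits=2048):
    """Return a list of problems; an empty list means the arguments pass.

    min_bits is a local policy assumption, not a limit the device enforces.
    """
    problems = []
    if not file_name:
        problems.append("file name is empty")
    if len(file_name) > MAX_FILE_NAME:
        problems.append(f"file name is {len(file_name)} characters (max {MAX_FILE_NAME})")
    for char, label in FORBIDDEN_IN_FILE_NAME.items():
        if char in file_name:
            problems.append(f"file name contains {label}")
    if key_strength not in DOCUMENTED_STRENGTHS:
        problems.append(f"key strength {key_strength} is not one of {DOCUMENTED_STRENGTHS}")
    elif key_strength < min_bits:
        problems.append(f"policy: {key_strength}-bit RSA is below the {min_bits}-bit minimum")
    if not password:
        problems.append("password is empty")
    if len(password) > MAX_PASSWORD:
        problems.append(f"password is {len(password)} characters (max {MAX_PASSWORD})")
    return problems


def build_genrsa_command(file_name, key_strength, password, min_bits=2048):
    """Return the CLI line, or raise ValueError listing every failed check."""
    problems = check_genrsa_args(file_name, key_strength, password, min_bits)
    if problems:
        raise ValueError("; ".join(problems))
    return f"ssl genrsa {file_name} {key_strength} {password}"


if __name__ == "__main__":
    # Constructed inputs; the first row is the guide's own example command.
    samples = [
        ("rsakey-file", 1024, "mypassword"),
        ("rsakey-file", 2048, "mypassword"),
        ("my key/file", 4096, "x" * 65),
    ]
    for name, bits, pw in samples:
        print(name, bits, check_genrsa_args(name, bits, pw) or "OK")
```

With the default policy, the guide's 1024-bit example is reported as a policy finding rather than a syntax error; passing min_bits=1024 accepts it.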