beautypg.com

Ssl/tls commands, Set ssl server – Perle Systems IOLAN CSS User Manual

Page 31

background image

Server Commands 31

SSL/TLS Commands

SSL/TLS Commands

Set SSL Server

Description Sets the default SSL/TLS parameters for the server.
User Level Admin
Syntax

set ssl server [version any|tslv1|sslv3] [type client|server]

[verify-peer on|off]

[validation-criteria

country <code>|state-province <text>|locality <text>

|organisation <text>|organisation-unit <text>

|common-name <text>|email <email_addr>]

Options

version

Specify whether you want to use:

z

Any—The IOLAN will try a TLSv1 connection first. If that fails, it will try an
SSLv3 connection. If that fails, it will try an SSLv2 connection.

z

TLSv1—The connection will use only TLSv1.

z

SSLv3—The connection will use only SSLv3.

The default is Any.

type

Specify whether the IOLAN will act as an SSL/TLS client or server. The default is
Client.

verify-peer

Enable this option when you want the Validation Criteria to match the Peer Certificate
for authentication to pass. If you enable this option, you need to download an SSL/TLS
certificate authority (CA) list file to the IOLAN.

validation-criteria

Any values that are entered in the validation criteria must match the peer certificate for
an SSL connection; any fields left blank will not be validated against the peer
certificate.

country

A two character country code; for example, US. This field is case sensitive in order to
successfully match the information in the peer SSL/TLS certificate.

state-province

Up to a 128 character entry for the state/province; for example, IL. This field is case
sensitive in order to successfully match the information in the peer SSL/TLS certificate.

locality

Up to a 128 character entry for the location; for example, a city. This field is case
sensitive in order to successfully match the information in the peer SSL/TLS certificate.

organisation

Up to a 64 character entry for the organisation; for example, Accounting. This field is
case sensitive in order to successfully match the information in the peer SSL/TLS
certificate.