Generating an SSL certificate, Configuring TACACS or TACACS+ security, Deleting the SSL certificate – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Security Configuration Guide
53-1003035-02
Importing digital certificates and RSA private key files
To allow a client to communicate with the Brocade device using an SSL connection, you
configure a set of digital certificates and RSA public-private key pairs on the device. A digital
certificate is used for identifying the server to the connecting client. It contains information about
the issuing Certificate Authority, as well as a public key. You can either import digital certificates
and private keys from a server, or you can allow the Brocade device to create them.
If you want to allow the Brocade device to create the digital certificates, refer to the next section,
“Generating an SSL certificate”. If you choose to import an RSA certificate and private key file from
a client, you can use TFTP to transfer the files.
For example, to import a digital certificate using TFTP, enter a command such as the following.
Brocade# copy tftp flash 10.168.9.210 certfile server-certificate
Syntax: copy tftp flash ip-address file-name server-certificate
NOTE
If you import a digital certificate from a client, it can be no larger than 2048 bytes.
To import an RSA private key from a client using TFTP, enter a command such as the following.
Brocade# copy tftp flash 10.168.9.210 keyfile server-private-key
Syntax: copy tftp flash ip-address file-name server-private-key
The ip-address is the IP address of a TFTP server that contains the digital certificate or private key.
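A pre-flight check for the import described above, run on the TFTP server before the two copy commands. This is an added example, not part of the Brocade manual: it checks the certificate against the 2048-byte limit and confirms that the certificate and RSA private key belong together. It assumes PEM-encoded files, a key that is not passphrase-protected, and the OpenSSL command-line tool; the function name preflight_cert_key is hypothetical.

```shell
#!/bin/sh
# Added example: run on the TFTP server before the "copy tftp flash" imports.
# Assumptions (not from the manual): PEM files, key without a passphrase,
# OpenSSL CLI installed.

MAX_CERT_BYTES=2048   # certificate import limit stated in the NOTE above

# Return 0 if the pair is ready to stage, non-zero with a reason otherwise.
preflight_cert_key() {
    cert=$1; key=$2
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2; return 2
    fi
    # 1. Size: the manual limits an imported certificate to 2048 bytes.
    size=$(wc -c < "$cert" | tr -d ' ')
    if [ "$size" -gt "$MAX_CERT_BYTES" ]; then
        echo "$cert is $size bytes (limit $MAX_CERT_BYTES)" >&2; return 3
    fi
    # 2. Both files must parse. "-passin pass:" supplies an empty passphrase
    #    so an encrypted key fails here instead of prompting.
    if ! openssl x509 -noout -in "$cert" 2>/dev/null; then
        echo "$cert is not a PEM X.509 certificate" >&2; return 4
    fi
    if ! openssl rsa -noout -check -in "$key" -passin pass: >/dev/null 2>&1; then
        echo "$key is not an RSA key readable without a passphrase" >&2
        return 4
    fi
    # 3. The certificate's public key must belong to this private key:
    #    for RSA, both print the same "Modulus=<hex>" line.
    cert_mod=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null)
    key_mod=$(openssl rsa -noout -modulus -in "$key" -passin pass: 2>/dev/null)
    if [ "$cert_mod" != "$key_mod" ]; then
        echo "certificate and private key do not match" >&2; return 5
    fi
    echo "ok: $cert ($size bytes) matches $key"
}

# Usage: sh preflight.sh certfile keyfile
if [ "$#" -eq 2 ]; then
    preflight_cert_key "$1" "$2"
fi
```

TFTP carries the key file unencrypted and unauthenticated, so stage it in the TFTP root only for the duration of the import and delete it afterwards.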
Generating an SSL certificate
If you did not already import a digital certificate from a client, the device can create a default
certificate. To do this, enter the following command.
Brocade(config)# crypto-ssl certificate generate
Syntax: [no] crypto-ssl certificate generate
Deleting the SSL certificate
To delete the SSL certificate, enter the following command.
Brocade(config)# crypto-ssl certificate zeroize
Syntax: [no] crypto-ssl certificate zeroize
Configuring TACACS or TACACS+ security
You can use the security protocol Terminal Access Controller Access Control System (TACACS) or
TACACS+ to authenticate the following kinds of access to the Brocade devices:
• Telnet access
• SSH access
• Console access