
Using global site certificates, Overview, Using the cli – HP Traffic Director sa7220 User Manual

Page 273: Overview using the cli


Appendix B: Obtaining Keys and Certificates (page 261)

Using Global Site Certificates

Overview

The export versions of Internet Explorer and Netscape Communicator
initiate an SSL connection to the SSL server using 40-bit encryption,
even though the browser is capable of 128-bit encryption. The server
responds to the browser with a digital certificate. If the certificate is
not a global site certificate, the browser and server continue the SSL
handshake and use the 40-bit key to encrypt application data. If the
certificate is a global site certificate (GSC), however, the client
terminates the previous SSL handshake and renegotiates the connection to
use 128-bit encryption.

A GSC is normally signed by an intermediate certificate authority (CA),
just like traditional certificates; the intermediate CA is either
Microsoft SGC Root or Verisign Class 3 CA. Certificates issued this way
are called chained certificates. When the browser receives the
certificate from the server along with the intermediate CA certificate,
it verifies the certificate, the intermediate CA, and the root CA to
determine GSC capability. The root CA is normally installed in the
browser, but the intermediate CA is not, so the SA8220 should be able to
send both the certificate and the intermediate CA.

Using the CLI

If the certificate is not a global site certificate, the customer only
needs to import the certificate. If it is a global site certificate, the
customer has to import both the certificate and the intermediate CA, so
that the CA is the last in the chain.

Type the import certificate command to import a certificate or chained
certificates. If the certificate is signed by a CA, paste the CA after the
certificate. If the CA is signed by another CA, paste the CA after the
signed CA, and so on. Here is an example:

    HP SA8220 /config/policygroup/test/service/test/key/certificate# import

When you type or paste in data, you must end the data entry with three
periods (...) alone on a line. This displays the command prompt.
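The two import rules above (paste each signing CA after the certificate it signed, and finish the entry with a line holding only three periods) are easy to get wrong when a CA hands back the bundle in a different order. The script below is an added example, not part of the HP manual or of the SA8220 software: it parses just enough DER from a PEM bundle to read each certificate's issuer and subject Name, chains them leaf first by matching issuer to subject, and emits the text to paste at the import prompt, ending with the "..." terminator line. The three sample certificates are constructed, unsigned stand-ins built with the same tbsCertificate field layout as real certificates; they are not real certificates and carry no signature, which is why only Name matching, not signature checking, is demonstrated. Name matching compares the raw DER encodings, which is an assumption that holds for chains issued by one CA but is stricter than a full RFC 5280 name comparison.

```python
"""Order a PEM certificate bundle leaf-first for the 'import certificate' command.

Added example (not from the HP manual). Sample certificates are constructed,
unsigned stand-ins, not real certificates.
"""
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
CN_OID = b"\x55\x04\x03"  # id-at-commonName 2.5.4.3


def _read_tlv(data, pos):
    """Decode the DER header at pos; return (tag, value_start, element_end)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                      # long form: next N bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def _children(data, start, end):
    """Yield (tag, elem_start, value_start, elem_end) for each TLV in a constructed value."""
    pos = start
    while pos < end:
        tag, vstart, vend = _read_tlv(data, pos)
        yield tag, pos, vstart, vend
        pos = vend


def subject_issuer(der):
    """Return the raw DER Name encodings (subject, issuer) of an X.509 certificate."""
    _, cstart, cend = _read_tlv(der, 0)                          # Certificate ::= SEQUENCE
    _, _, tbs_vstart, tbs_vend = next(_children(der, cstart, cend))  # tbsCertificate
    fields = list(_children(der, tbs_vstart, tbs_vend))
    if fields[0][0] == 0xA0:                                     # optional [0] EXPLICIT version
        fields = fields[1:]
    # fields now: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    issuer = der[fields[2][1]:fields[2][3]]
    subject = der[fields[4][1]:fields[4][3]]
    return subject, issuer


def order_chain(pem_bundle):
    """Return [(subject, issuer, der), ...] ordered leaf, its signing CA, and so on."""
    certs = []
    for b64 in PEM_RE.findall(pem_bundle):
        der = base64.b64decode("".join(b64.split()))
        subject, issuer = subject_issuer(der)
        certs.append((subject, issuer, der))
    signs_another = {iss for subj, iss, _ in certs if subj != iss}
    leaves = [c for c in certs if c[0] not in signs_another]
    if len(leaves) != 1:
        raise ValueError("bundle must contain exactly one end-entity certificate")
    by_subject = {c[0]: c for c in certs}
    chain = list(leaves)
    while chain[-1][0] != chain[-1][1]:                          # stop at a self-signed root
        nxt = by_subject.get(chain[-1][1])
        if nxt is None or nxt in chain:   # issuer not in bundle (e.g. root already in the browser), or a loop
            break
        chain.append(nxt)
    return chain


def to_pem(der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def cli_paste_block(pem_bundle):
    """Leaf first, each signing CA after the certificate it signed, then the '...' line."""
    return "".join(to_pem(der) for _, _, der in order_chain(pem_bundle)) + "...\n"


# --- constructed sample certificates: unsigned stand-ins with a real tbsCertificate layout ---
def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _name(cn):
    """Name ::= SEQUENCE OF RelativeDistinguishedName, here a single commonName."""
    atv = _tlv(0x30, _tlv(0x06, CN_OID) + _tlv(0x13, cn.encode()))
    return _tlv(0x30, _tlv(0x31, atv))


def fake_cert(subject_cn, issuer_cn):
    tbs = (_tlv(0xA0, _tlv(0x02, b"\x02"))                        # [0] version v3
           + _tlv(0x02, b"\x01")                                    # serialNumber
           + _tlv(0x30, _tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSAEncryption
           + _name(issuer_cn)
           + _tlv(0x30, _tlv(0x17, b"200101000000Z") + _tlv(0x17, b"300101000000Z"))  # validity
           + _name(subject_cn)
           + _tlv(0x30, b""))                                       # subjectPublicKeyInfo (empty stand-in)
    # signatureAlgorithm and signatureValue are empty stand-ins: nothing here is signed.
    return _tlv(0x30, _tlv(0x30, tbs) + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))


SAMPLE_BUNDLE = "".join(to_pem(c) for c in (                       # deliberately out of order
    fake_cert("Example Intermediate CA", "Example Root CA"),
    fake_cert("Example Root CA", "Example Root CA"),
    fake_cert("www.example.test", "Example Intermediate CA"),
))

if __name__ == "__main__":
    print(cli_paste_block(SAMPLE_BUNDLE), end="")
```

Run it against a real bundle by replacing SAMPLE_BUNDLE with the file contents; the output is what you paste after the import prompt. The leaf is identified as the one certificate that signs nothing else in the bundle, and the walk stops either at a self-signed root or when the next issuer is absent, which is the normal case when only the leaf and intermediate are imported and the root lives in the browser.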