Configuring for the ssl protocol, Browser and javatm support, Summary of ssl procedures – HP Brocade 4Gb SAN Switch for HP BladeSystem p-Class User Manual

54

Configuring standard security features

Configuring for the SSL protocol

Fabric OS v4.4.0 and later supports secure sockets layer (SSL) protocol, which provides secure access to a

fabric through web-based management tools like Advanced Web Tools. SSL support is a standard Fabric

OS feature; it is independent of Secure Fabric OS, which requires a license and separate certification.

Switches configured for SSL grant access to management tools through hypertext transfer protocol-secure

links (which begin with

https://

) instead of standard links (which begin with

http://

).

SSL uses public key infrastructure (PKI) encryption to protect data transferred over SSL connections. PKI is

based on digital certificates obtained from an Internet Certificate Authority (CA), which acts as the trusted

key agent.

Certificates are based on the switch IP address or fully qualified domain name (FQDN), depending on the

issuing CA. If you change a switch IP address or FQDN after activating an associated certificate, you

might have to obtain and install a new certificate. Check with the CA to verify this possibility, and plan

these types of changes accordingly.

Browser and Java

TM

support

Fabric OS supports the following Web browsers for SSL connections:

•

Internet Explorer (Microsoft Windows)

•

Mozilla (Solaris and Redhat Linux)

In countries that allow the use of 128-bit encryption, you should use the latest version of your browser. For

example, Internet Explorer 6.0 and later supports 128-bit encryption by default. You can display the

encryption support (called “cipher strength”) using the Internet Explorer Help:About menu option. If you

are running an earlier version of Internet Explorer, you might be able to download an encryption patch

from the Microsoft Web site at

http://www.microsoft.com

.

You should upgrade to the Java 1.4.2_03 Plug-in on your management workstation. To find the Java

version that is currently running, open the Java console and look at the first line of the window.

For more details on levels of browser and Java support, refer to the HP StorageWorks Fabric OS 4.x

Advanced Web Tools user guide.

Summary of SSL procedures

You configure for SSL by obtaining, installing, and activating digital certificates for SSL support.

Certificates are required on all switches that are to be accessed through SSL.

You also need to install a certificate to the Java Plug-in on the management workstation, and you might

need to add a certificate to your Web browser.

Configuring for SSL involves these major steps, which are shown in detail in the next sections:

1.

Choose a CA.

2.

On each switch:
a. Generate a public/private key (seccertutil genkey command).
b. Generate a certificate signing request (CSR) (seccertutil gencsr command) and store the CSR on an

FTP server (seccertutil export command).

3.

Obtain the certificates from the CA.