
Allied Telesis AT-S62 User Manual

Page 632


Chapter 31: Web Server

Section VII: Management Security


❑ TLS (Transport Layer Security) version 1.0

General Steps to Configuring the Web Server for Encryption

You need to perform several procedures to implement HTTPS and web browser
encryption on the switch. This section lists the general steps and points
to the procedures for performing them. There is one set of steps for
configuring the web server with a self-signed certificate and another for
a public or private CA certificate.

General Steps for a Self-signed Certificate

Below are the general steps for setting up the web server with a
self-signed certificate.

1. Set the switch’s date and time. You must do this before you create a
self-signed certificate because the date and time are stamped in the
digital document. For instructions, refer to Setting the System Time
on page 65.

2. Create a key pair, as explained in Creating an Encryption Key on page
644.

3. Create a self-signed certificate using the key pair, as explained in
Creating a Self-signed Certificate on page 668.

4. Add the certificate to the certificate database, as explained in Adding
a Certificate to the Database on page 672.

5. Configure the web server on the switch by activating HTTPS and
specifying the key pair used to create the certificate as the active key.
This step is explained in Configuring the Web Server on page 634.
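
Why step 1 comes first, shown as an added example that is not part of the Allied Telesis manual: a workstation-side check of the dates stamped in a certificate. The host name, all dates, the fixed SAMPLE_NOW and the SANITY_FLOOR threshold are constructed assumptions, and the sample data uses the dict shape of Python's ssl module for decoded certificates.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample certificates (names and dates invented for illustration),
# in the dict shape Python's ssl module uses for decoded certificates.
GOOD = {
    "subject": ((("commonName", "switch1.example.net"),),),
    "issuer": ((("commonName", "switch1.example.net"),),),
    "notBefore": "Mar  1 09:00:00 2024 GMT",
    "notAfter": "Mar  1 09:00:00 2026 GMT",
}
# Constructed: certificate created while the device clock was never set.
UNSET_CLOCK = dict(GOOD, notBefore="Jan  1 00:03:12 1970 GMT",
                   notAfter="Jan  1 00:03:12 1972 GMT")
# Constructed: certificate created while the device clock ran years ahead.
CLOCK_AHEAD = dict(GOOD, notBefore="Mar  1 09:00:00 2031 GMT",
                   notAfter="Mar  1 09:00:00 2033 GMT")

SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)    # fixed "now" for the demo
SANITY_FLOOR = datetime(2000, 1, 1, tzinfo=timezone.utc)  # assumed threshold


def flat_name(rdns):
    """Flatten the nested RDN tuples into a dict so names can be compared."""
    return {key: value for rdn in rdns for key, value in rdn}


def check_cert(cert, now=None):
    """Return findings about self-signed status and the stamped dates."""
    now_s = (now or datetime.now(timezone.utc)).timestamp()
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    findings = []
    # Name comparison only; the signature itself is not verified here.
    if flat_name(cert["subject"]) == flat_name(cert["issuer"]):
        findings.append("self-signed")
    if not_before > now_s:
        findings.append("not-yet-valid")
    if not_after < now_s:
        findings.append("expired")
    if not_before < SANITY_FLOOR.timestamp():
        findings.append("stamped-before-sanity-floor")
    return findings


if __name__ == "__main__":
    for label, cert in [("good", GOOD), ("unset clock", UNSET_CLOCK),
                        ("clock ahead", CLOCK_AHEAD)]:
        print(f"{label:12} {check_cert(cert, SAMPLE_NOW)}")
```

A certificate that reports anything beyond "self-signed" was created with a wrong device clock and should be regenerated after the time is corrected.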

General Steps for a Public or Private CA Certificate

Below are the steps for setting up the web server with a public or private
CA certificate. This requires generating an enrollment request.

1. Set the switch’s date and time. You must do this before you create the
enrollment request. The date and time are stamped in the request.
The instructions for this are in Setting the System Time on page 65.

2. Create a key pair, as explained in Creating an Encryption Key on page
644.

3. Generate an enrollment request, as explained in Generating an
Enrollment Request on page 681.

4. Upload the enrollment request from the AT-S62 file system onto your
management workstation or a TFTP server, as explained in Uploading
a System File on page 195.

5. Submit the enrollment request to the public or private CA.