Allied Telesis AR700 SERIES Software Release 2.7.1 User Manual

Page 30

AR700 Series Router User Guide

Software Release 2.7.1
C613-02047-00 REV A

To secure your router’s HTTP Server with SSL for secure router
management via the GUI.

Create a Security Officer user account

Only a user with Security Officer privilege can enable system security and SSL.

To add a user with the login name “CIPHER”, password “sbr4y3”,
login=yes, and SECURITY OFFICER privilege, use the command:

add user="cipher" password="sbr4y3"

privilege=securityofficer login=yes

create config=ssl.cfg

restart router

Login as a Security Officer

To login as the user with Security Officer privilege called “CIPHER”, use
the command:

And then enter the password for “CIPHER”, “sbr4y3”.

Enable system security

To enable system security, use the command:

enable system security

Create an RSA key pair for this router.

To create an RSA key pair, use the command:

create enco key=0 type=rsa length=1024

Set the router’s distinguished name.

To set the router’s distinguished name to
"cn=router1,o=my_company,c=us", use the command:

set system distinguishedname="cn=router1,

o=my_company,c=us"

Set the UTC offset.

To set the Universal Coordinated Time to inform the router that the
difference between local time and GMT is 7 hours, use the command:

set log utcoffset=7

Create a self-signed certificate for the router.

To create a PKI certificate without contacting a CA for browsing to the GUI,
use the command:

create pki certificate=cer_name keypair=0

serialnumber=12345 subject="cn=172.30.1.105,

o=my_company, c=us"

Using this command creates a certificate that is only suitable for secure router
management via the GUI. A pop-up message will appear in the browser
window warning that the certificate is not issued by a trusted authority. You
should create a certificate via a Certification Authority if you want to use SSL
with the Load Balancer. For details, see the Public Key Infrastructure (PKI)
chapter of your Software Reference.