beautypg.com

Allied Telesis AT-S62 User Manual

Page 488

background image

Chapter 25: Web Server

Section VII: Management Security

488

General Steps to

Configuring the

Web Server for

Encryption

There are several procedures you need to perform in order to implement
HTTPS and web browser encryption on the switch. This section is here to
provide you with the general steps and the procedures for performing
them. There is a section for configuring the web server with a self-signed
certificate and another for a public or private CA certificate.

General Steps for a Self-signed Certificate

Below are the general steps to setting up the web server with a self-
signed certificate.

1. Set the switch’s date and time. You must do this before you create a

self-signed certificate because the date and time are stamped in the
digital document. For instructions, refer to Setting the System Time
on page 67.

2. Create a key pair, as explained in Creating an Encryption Key on page

500.

3. Create a self-signed certificate using the key pair, as explained in

Creating a Self-signed Certificate on page 524.

4. Add the certificate to the certificate database, as explained in Adding

a Certificate to the Database on page 528.

5. Configure the web server on the switch by activating HTTPS and

specifying the key pair used to create the certificate as the active key.
This step is explained in Configuring the Web Server on page 490.

General Steps for a Public or Private CA Certificate

Below are the steps for setting up the web server with a public or private
CA certificate. This requires generating an enrollment request.

1. Set the switch’s date and time. You must do this before you create the

enrollment request. The date and time are stamped in the request.
The instructions for this are in Setting the System Time on page 67.

2. Create a key pair, as explained in Creating an Encryption Key on page

500.

3. Generate an enrollment request, as explained in Generating an

Enrollment Request on page 537.

4. Upload the enrollment request from the AT-S62 file system onto your

management workstation or a TFTP server, as explained in Uploading
a System File on page 177.

5. Submit the enrollment request to the public or private CA.

See also other documents in the category Allied Telesis Computer hardware: