Allied Telesis AR400 Series Router User Manual

AR400 Series Router User Guide

Software Release 2.6.1
C613-02021-00 REV D

To secure your router’s HTTP server with SSL for secure router
management via the GUI, follow these steps:

1. Create a Security Officer user account

Only a user with Security Officer privilege can enable system security and SSL.

To add a user with the login name “CIPHER”, password “sbr4y3”,
login=yes, and SECURITY OFFICER privilege, use the command:

ADD USER="CIPHER" PASSWORD="sbr4y3"
    PRIVILEGE=SECURITYOFFICER Login=yes

CREATE CONFIG=ssl.cfg

RESTART ROUTER

2. Log in as a Security Officer

To log in as the user with Security Officer privilege called “CIPHER”, use
the command:

LOGIN CIPHER

Then enter the password for “CIPHER”, “sbr4y3”.

3. Enable system security

To enable system security, use the command:

ENABLE SYSTEM SECURITY

4. Create an RSA key pair for this router.

To create an RSA key pair, use the command:

CREATE ENCO KEY=0 TYPE=RSA LENGTH=1024

5. Set the router’s distinguished name.

To set the router’s distinguished name to
"cn=router1,o=my_company,c=us", use the command:

SET SYSTEM DISTINGUISHEDNAME="cn=router1,
    o=my_company,c=us"

6. Set the UTC offset.

To set the UTC offset so that the router knows the difference between
local time and GMT is 7 hours, use the command:

SET LOG UTCOFFSET=7

7. Create a self-signed certificate for the router.

To create a PKI certificate without contacting a CA for browsing to the GUI,
use the command:

CREATE PKI CERTIFICATE=cer_name KEYPAIR=0
    SERIALNUMBER=12345 SUBJECT="cn=172.30.1.105,
    o=my_company, c=us"

Using this command creates a certificate that is only suitable for secure router
management via the GUI. A pop-up message will appear in the browser
window warning that the certificate is not issued by a trusted authority. You
should create a certificate via a Certification Authority if you want to use SSL