Configuring ssl on a serveriron adx, Obtaining a serveriron adx keypair file – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual
Page 154

140
ServerIron ADX Security Guide
53-1002440-03
Configuring SSL on a ServerIron ADX
6
Configuring SSL on a ServerIron ADX
When configuring a ServerIron ADX for either SSL Termination mode or SSL Proxy mode, you must
perform each of the following configuration tasks:
•
Obtain a Keypair File – This section describes how to obtain an SSL asymmetic key pair. You
can generate an RSA key pair or import an existing key pair. See
•
Certificate Management – This section describes various methods for obtaining a digital
certificate and the methods for importing Keys and Certificates. See
•
Basic SSL Profile Configuration – This section describes how to perform the minimum SSL
profile configuration. See
“Basic SSL profile configuration”
•
Advanced SSL Profile Configuration – This section describes additional SSL profile
configuration parameters. See
“Advanced SSL profile configuration”
•
Configure Real and Virtual Servers for SSL Termination and Proxy Mode – This section
describes the configuration details required to configure the Real and Virtual servers for SSL
on a ServerIron ADX. See
“Configuring Real and Virtual Servers for SSL Termination and Proxy
•
Configuring Other Protocols with SSL– This section describes how to configure other popular
protocols such as LDAPS, POP3S and IMAPS with SSL acceleration. See
•
Configure System Max Values – This section describes how to configure system max values for
SSLv2 connection rate and memory limit for SSL hardware buffers. See
Obtaining a ServerIron ADX keypair file
The keypair file specifies the location for retrieving the SSL asymmetric key pair, during an SSL
handshake. You can either generate an RSA keypair file on a ServerIron ADX or import a
pre-existing key pair, using secure copy (SCP).The key pair is stored in the flash memory and is not
deleted during a power cycle.
To generate an RSA keypair file, enter the following command.
ServerIronADX# ssl genrsa rsakey-file 1024 mypassword
Syntax: ssl genrsa
The
characters in length. The file name supports special characters like ’-’,’ _’, ’$’, ", ’%’, ’&’, and ’!’. It
does not support spaces and ’/’ characters.
The
RSA key strength should be 512, 768, 1024 or 2048.
NOTE
The ServerIron ADX does not support key strength greater than 2048 bits.
The
exceed 64 characters.