beautypg.com

Configuring ssl on a serveriron adx, Obtaining a serveriron adx keypair file – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 154

background image

140

ServerIron ADX Security Guide

53-1002440-03

Configuring SSL on a ServerIron ADX

6

Configuring SSL on a ServerIron ADX

When configuring a ServerIron ADX for either SSL Termination mode or SSL Proxy mode, you must
perform each of the following configuration tasks:

Obtain a Keypair File – This section describes how to obtain an SSL asymmetic key pair. You
can generate an RSA key pair or import an existing key pair. See

“Obtaining a ServerIron ADX

keypair file”

on page 140.

Certificate Management – This section describes various methods for obtaining a digital
certificate and the methods for importing Keys and Certificates. See

“Certificate management”

on page 141.

Basic SSL Profile Configuration – This section describes how to perform the minimum SSL
profile configuration. See

“Basic SSL profile configuration”

on page 164.

Advanced SSL Profile Configuration – This section describes additional SSL profile
configuration parameters. See

“Advanced SSL profile configuration”

on page 166.

Configure Real and Virtual Servers for SSL Termination and Proxy Mode – This section
describes the configuration details required to configure the Real and Virtual servers for SSL
on a ServerIron ADX. See

“Configuring Real and Virtual Servers for SSL Termination and Proxy

Mode”

on page 172.

Configuring Other Protocols with SSL– This section describes how to configure other popular
protocols such as LDAPS, POP3S and IMAPS with SSL acceleration. See

“Other protocols

supported for SSL”

on page 184

Configure System Max Values – This section describes how to configure system max values for
SSLv2 connection rate and memory limit for SSL hardware buffers. See

“Configuring the

system max values”

on page 185.

Obtaining a ServerIron ADX keypair file

The keypair file specifies the location for retrieving the SSL asymmetric key pair, during an SSL
handshake. You can either generate an RSA keypair file on a ServerIron ADX or import a
pre-existing key pair, using secure copy (SCP).The key pair is stored in the flash memory and is not
deleted during a power cycle.

To generate an RSA keypair file, enter the following command.

ServerIronADX# ssl genrsa rsakey-file 1024 mypassword

Syntax: ssl genrsa

The variable specifies the name of the keypair file. The file name can be up to 24
characters in length. The file name supports special characters like ’-’,’ _’, ’$’, ", ’%’, ’&’, and ’!’. It
does not support spaces and ’/’ characters.

The variable specifies the Key strength (number of bits) for the RSA key pair. The
RSA key strength should be 512, 768, 1024 or 2048.

NOTE

The ServerIron ADX does not support key strength greater than 2048 bits.

The variable specifies the password to the file. The length of password should not
exceed 64 characters.

See also other documents in the category Brocade Communications Systems Home Theater Systems: