beautypg.com

Confi gure > ssl clients > ssl client n 4.85 – Westermo MR Series User Manual

Page 253

background image

253

6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

Confi gure > SSL clients > SSL Client n

4.85

Some sites, when connecting to them using SSL, require client side authentication. The unit’s SSL
client handles the authentication for SSL connections using certificates signed by a Certificate
Authority (CA). For more information regarding certificates and certificate requests, refer
to Configure > Certificate requests, Configure > Certificates > SCEP and Configure >
Certificates > Utilities.

Using the Web Page(s)

Client certificate filename:

The filename of the certificate file required for client authentication.

Client private key filename:

The file that contains the private key that matches the public key stored in the certificate
entered in the Client certificate filename parameter.

Cipher list:

The cipher list consists of one or more cipher strings separated by colons. Commas or spaces
are also acceptable separators but colons are normally used. The actual cipher string can take
several different forms. It can consist of a single cipher suite such as RC4-SHA. It can represent
a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For exam-
ple SHA1 represents all ciphers suites using the digest algorithm SHA1 and SSLv3 represents
all SSL v3 algorithms. Lists of cipher suites can be combined in a single cipher string using the +
character. This is used as a logical and operation. For example SHA1+DES represents all cipher
suites containing the SHA1 and the DES algorithms. If left empty the cipher list is not used.

For more information see: http://www.openssl.org/docs/apps/ciphers.html

This config applied to this destination IP address:

This parameter allows the configuration of multiple SSL destinations, each having a different cer-
tificate/key. When configured, this will lock the SSL client settings to a specific IP address. If this
parameter is left blank, the configured SSL client settings will be used for any connection that
requires SSL.

Using Text Commands

To configure the SSL client via the command line use the sslclicommand.

To display current settings for the SSL client enter the following command:

sslcli ?

where is 0-5.

To change the value of a parameter use the command in the format:

sslcli

The parameter options and values are:

Parameter

Values

Equivalent Web parameter

certfile

text

Client certificate filename

cipherlist

test

Cipher List

debug

off, on

None - Sends debugging informa-
tion to the command line console

ipaddr

IP address

This config applied to this destina-
tion IP address

keyfile

text

Client private key filename

This manual is related to the following products:
See also other documents in the category Westermo Equipment: