Support User Manuals

Brocade Communications Systems 12.4.00a Home Theater Server User Manual

Open as PDF

of 226

ServerIron ADX Security Guide 141

53-1002440-03

Configuring SSL on a ServerIron ADX

6

Once a key pair is generated it can be saved for backup on your server by exporting it as described

in “Importing keys and certificates” on page 148.

Also, you can import a keypair file (instead of generating it) as described in “Importing keys and

certificates” on page 148.

NOTE

The ServerIron ADX supports keys in PEM (Privacy Enhanced Mail) or PKCS12 (Public Key

Cryptography Standard 12) formats.

Certificate management

All configuration options used with the SSL acceleration features of the ServerIron ADX require that

you obtain a Certificate and upload it to the system. The following methods can be used to obtain

as certificate.

• “Generating a Self-Signed Certificate” on page 141

• “Using CA-signed certificates” on page 142

• “Exporting Web Server Certificates” on page 143

Once a digital certificate and a keypair are obtained you can Import them to the ServerIron ADX

using the procedures described in “Importing keys and certificates” on page 148. This section also

describes how to configure a list of certificates that have been revoked by a CA in “Importing keys

and certificates” on page 148.

Generating a Self-Signed Certificate

Before generating a self-signed certificate, you must obtain an RSA key pair as described in

Obtaining a ServerIron ADX keypair file 140

Once you’ve obtained the RSA key pair, you can generate a self-signed certificate as shown in the

following example.

ServerIronADX# ssl gencert certkey testkey signkey testkey brocade123 testcert

You are about to be asked to enter information that will be incorporated into

your certificate request. The information you enter is what is called a

Distinguished Name or a DN.

Country name (2 letter code) [US] US

State or province (full name) [Some state] TX

Locality name (city) [Some city] Dallas

Organization name (Company name) Brocade

Organizational unit name (department) Engineering

Common name (your domain name) www.brocade.com

Email address [webadmin@brocade.com] se@brocade.com

Syntax: ssl gencert certkey <key-pair-file> signkey <key-pair-file> <password> <cert-name>

The <key-pair-file> variable is the name of the RSA key pair used to build and sign this certificate. It

is created using the ssl genrsa command.

The <password> variable is the password that is used to store this certificate.

The <cert-name> variable is the filename used to store the generated certificate. This file name

can contain a maximum of 32 characters.

previous next