Brocade Communications Systems 12.4.00a Home Theater Server User Manual


 
176 ServerIron ADX Security Guide
53-1002440-03
Configuration Examples for SSL Termination and Proxy Modes
This section describes the procedures required to perform the configurations described in “SSL
Termination Mode” on page 137 and “SSL Proxy Mode” on page 138. As shown in the examples
there, SSL Termination mode provides an SSL connection between clients and the ServerIron
ADX. When you configure SSL Proxy mode, a configuration is created between the ServerIron ADX and
the server. In this case, the ServerIron ADX is configured as a client to the server.
Configuring SSL Termination Mode
In this mode, to enable VRRPE for a VIP address, you must use a different source-nat-ip for
SSL traffic.
To do this, use the following syntax:
Syntax: server source-nat-ip <ip> <mask> <gateway> port-range <range>
To configure SSL in the termination mode, perform the following tasks in sequence:
1. Generate or obtain an RSA key pair and copy it to the ServerIron ADX.
2. Obtain a digital certificate and copy it to the ServerIron ADX.
3. Create an SSL profile as described in “Allowing Self Signed Certificates” on page 169.
4. Within the SSL profile specify a keypair file as described in “Specifying a keypair file” on page 165.
5. Within the SSL profile specify a digital certificate file as described in “Specifying a certificate file” on page 166.
6. Within the SSL profile select a Cipher Suite as described in “Specifying a cipher suite” on page 165. This is optional.
7. Configure Real and Virtual Servers as described in “Configuring Real and Virtual Servers for SSL Termination Mode” on page 173.
Example
Generate an RSA key pair
ServerIronADX# ssl genrsa rsakey-file 1024 mypassword
Generate a Self-signed Digital Certificate
ServerIronADX# ssl gencert certkey rsakey-file signkey rsakey-file mypassword mycert
You are about to be asked to enter information that will be incorporated into
your certificate request. What you are about to enter is what is called a
Distinguished Name or a DN.
Country name (2 letter code) [US] US
State or province (full name) [California] California
Locality name (city) [city] San Jose
Organization name (Company name) [Brocade] Brocade
Organizational unit name (department) [Web administration] Web Administration
Common name (your domain name) [www.brocade.com] www.brocade.com
Email address [webadmin@brocade.com] webadmin@brocade.com
transfer_ssl_object_buf_to_bp : The object buffer length is 492
transfer_ssl_object_buf_to_bp: The message length is 622
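
The session above creates a 1024-bit RSA key and a self-signed certificate, so the following check can be run on a workstation before a certificate is copied to the ServerIron ADX. It is an added example, not part of the Brocade manual: it assumes OpenSSL is installed, and the function names, the 2048-bit threshold (`MIN_RSA_BITS`) and the throwaway sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PEM certificate before copying it to the load balancer.
# MIN_RSA_BITS is a policy threshold assumed for this example.
MIN_RSA_BITS=${MIN_RSA_BITS:-2048}

# Print the RSA modulus size in bits (e.g. 1024); print nothing for non-RSA keys.
cert_rsa_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | awk '
        /Public Key Algorithm: rsaEncryption/ { rsa = 1 }
        rsa && /Public-Key: \(/ { gsub(/[^0-9]/, ""); print; exit }'
}

# Succeed when subject and issuer are identical (self-issued, the usual
# shape of a self-signed certificate).
cert_is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# Print one finding per line. Returns 0 = clean, 1 = findings, 2 = unreadable.
audit_cert() {
    rc=0
    bits=$(cert_rsa_bits "$1")
    if [ -z "$bits" ]; then
        echo "ERROR: not a readable RSA certificate: $1"
        return 2
    fi
    if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "WEAK-KEY: RSA key is $bits bits, below the $MIN_RSA_BITS-bit minimum"
        rc=1
    fi
    if cert_is_self_issued "$1"; then
        echo "SELF-SIGNED: issuer equals subject, clients cannot chain it to a trusted CA"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: throwaway key and certificate using the DN from the session above.
make_sample_cert() {   # usage: make_sample_cert <rsa-bits> <output-dir>
    openssl genrsa -out "$2/key.pem" "$1" 2>/dev/null &&
    openssl req -x509 -new -key "$2/key.pem" -days 1 -out "$2/cert.pem" \
        -subj "/C=US/ST=California/L=San Jose/O=Brocade/OU=Web Administration/CN=www.brocade.com" \
        2>/dev/null
}

# Audit the file named on the command line, if any.
if [ $# -gt 0 ]; then audit_cert "$1"; fi
```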