Support User Manuals

Brocade Communications Systems 12.4.00a Home Theater Server User Manual

Open as PDF

of 226

ServerIron ADX Security Guide 177

53-1002440-03

Configuration Examples for SSL Termination and Proxy Modes

6

Create SSL profile with required settings

ServerIronADX(config)# ssl profile myprofile

ServerIronADX(config-ssl-profile-myprofile)# keypair-file rsakey-file

ServerIronADX(config-ssl-profile-myprofile)# certificate-file mycert

ServerIronADX(config-ssl-profile-myprofile)# cipher-suite all

ServerIronADX(config-ssl-profile-myprofile)# exit

Define HTTP ports on real servers

ServerIronADX(config)# server real rs1 10.1.1.1

ServerIronADX(config-rs-rs1)# port http

ServerIronADX(config-rs-rs1)# exit

ServerIronADX(config)# server real rs2 10.1.1.2

ServerIronADX(config-rs-rs2)# port http

ServerIronADX(config-rs-rs2)# exit

Within virtual server: Define SSL port, specify server profile and enable SSL terminate

ServerIronADX(config)# server virtual-name-or-ip vip1 10.1.1.7

ServerIronADX(config-vs-vip1)# port ssl

ServerIronADX(config-vs-vip1)# port ssl ssl-terminate myprofile

Bind SSL in virtual server to real server HTTP ports

ServerIronADX(config-vs-vip1)# bind ssl rs1 http rs2 http

Configuring SSL Proxy Mode

The ServerIron ADX acts as a client to the real server. The real server presents a certificate, but the

certificate needs to be verified by the ServerIron ADX. Because the ServerIron ADX needs the CA

certificate from the issuing authority to verify the certificate from the real server, the CA certificate

must be uploaded to the ServerIron ADX before it can be used.

To configure SSL in proxy mode, perform the following tasks in sequence:

1. Upload the CA certificate to the ServerIron ADX as described in “Transferring a Keypair File and

a Certificate File” on page 149.

NOTE

If the server is using a self-signed certificate, the allow-self-signed certificate command must

be configured within the profile.

2. Create a Client Side SSL Profile.

3. Associate an RSA key pair and certificate with the Client Side SSL Profile.

4. Within the Client Side SSL profile select a Cipher Suite as described in “Specifying a cipher

suite” on page 165. This is optional.

5. Create a Server Side SSL Profile

6. In the Server Side profile specify the name of the certificate to be associated with the SSL

Server Side profile.

7. Configure Real and Virtual Servers as described in “Configuring Real and Virtual Servers for

SSL Proxy Mode” on page 174

previous next