BigIron RX Series Configuration Guide 81
53-1002253-01
Configuring SSL security for the Web Management Interface
4
Configuring SSL security for the Web Management Interface
When enabled, the SSL protocol uses digital certificates and public-private key pairs to establish a
secure connection to the device. Digital certificates serve to prove the identity of a connecting
client, and public-private key pairs provide a means to encrypt data sent between the device and
the client.
Configuring SSL for the Web Management Interface consists of the following tasks:
• Enabling the SSL server on the device
• Importing an RSA certificate and private key file from a client (optional)
• Generating a certificate
Enabling the SSL server on the device
To enable the SSL server on the device, enter the following command.
BigIron RX(config)# web-management https
Syntax: [no] web-management http | https
You can enable either the HTTP or HTTPs servers with this command. You can disable both the
HTTP and HTTPs servers by entering the following command.
BigIron RX(config)# no web-management
Syntax: no web-management
Specifying a port for SSL communication
By default, SSL protocol exchanges occur on TCP port 443. You can optionally change the port
number used for SSL communication.
For example, the following command causes the device to use TCP port 334 for SSL
communication.
BigIron RX(config)# ip ssl port 334
Syntax: [no] ip ssl port <port-number>
The default port for SSL communication is 443.
Importing digital certificates and RSA private key files
To allow a client to communicate with the other device using an SSL connection, you configure a
set of digital certificates and RSA public-private key pairs on the device. A digital certificate is used
for identifying the connecting client to the server. It contains information about the issuing
Certificate Authority, as well as a public key. You can either import digital certificates and private
keys from a server, or you can allow the Brocade device to create them.
If you want to allow the Brocade device to create the digital certificates, refer to the next section,
“Generating an SSL certificate”. If you choose to import an RSA certificate and private key file from
a client, you can use TFTP to transfer the files.
For example, to import a digital certificate using TFTP, enter a command such as the following.
BigIron RX(config)# ip ssl certificate-data-file tftp 192.168.9.210 certfile
To Next Page
Loading...
