Security
ExtremeWare XOS 11.3 Concepts Guide
340
HTTPS access is provided through SSL and the Transport Layer Security (TLS1.0). These protocols
enable clients to verify the authenticity of the server to which they are connecting, thereby ensuring that
users are not compromised by intruders.
Similar to SSH2, before you can use any SSL commands, you must first download and install the
separate Extreme Networks SSH software module (ssh.xmod). This additional module allows you to
configure both SSH2 and SSL on the switch. SSL is packaged with the SSH module; therefore, if you do
not install the module, you are unable to configure SSL. If you try to execute SSL commands without
installing the module first, the switch notifies you to download and install the module. To install the
module, see the instructions in Appendix A, “Software Upgrade and Boot Options.”
You must upload or generate a certificate for SSL server use. Before you can upload a certificate, you
must purchase and obtain an SSL certificate from an Internet security vendor. The following security
algorithms are supported:
â—Ź RSA for public key cryptography (generation of certificate and public-private key pair, certificate
signing). RSA key size between 1024 and 4096 bits.
â—Ź Symmetric ciphers (for data encryption): RC4, DES, and 3DES.
â—Ź Message Authentication Code (MAC) algorithms: MD5 and SHA.
The Converged Network Analyzer (CNA) Agent requires SSL to encrypt communication between the
CNA Agent and the CNA Server. For more information about the CNA Agent, see Appendix C, “CNA
Agent.”
This section describes the following topics:
â—Ź Enabling and Disabling SSL on page 340
â—Ź Creating Certificates and Private Keys on page 341
â—Ź Displaying SSL Information on page 343
Enabling and Disabling SSL
This section describes how to enable and disable SSL on your switch.
NOTE
Prior to ExtremeWare XOS 11.2, the Extreme Networks SSH module did not include SSL. To use SSL for secure
HTTPS web-based login, you must upgrade your core software image to ExtremeWare XOS 11.2 or later, install the
SSH module that works in concert with that core software image, and reboot the switch.
Please keep in mind the following guidelines when using SSL:
â—Ź To use SSL with web-based login (secure HTTP access, HTTPS) you must specify the HTTPS
protocol when configuring the redirect URL.
â—Ź If you are downloading the SSH module for the first time and want to immediately use SSL for
secure HTTPS web-based login, restart the
thttpd process after installing the SSH module. For more
detailed information about activating the SSH module, see “Guidelines for Activating SSL” in
Appendix A.
To enable SSL and allow secure HTTP (HTTPS) access on the default port (443), use the following
command:
enable web https
To Next Page
Loading...
Need help?
General
