9-3
Configuring Secure Socket Layer (SSL)
Terminology
Terminology
■ SSL Server: An HP switch with SSL enabled.
■ Key Pair: Public/private pair of RSA keys generated by switch, of
which public portion makes up part of server host certificate and
private portion is stored in switch flash (not user accessible).
■ Digital Certificate: A certificate is an electronic “passport” that is
used to establish the credentials of the subject to which the certificate
was issued. Information contained within the certificate includes:
name of the subject, serial number, date of validity, subject's public
key, and the digital signature of the authority who issued the certifi-
cate. Certificates on HP switches conform to the X.509v3 standard,
which defines the format of the certificate.
■ Self-Signed Certificate: A certificate not verified by a third-party
certificate authority (CA). Self-signed certificates provide a reduced
level of security compared to a CA-signed certificate.
■ CA-Signed Certificate: A certificate verified by a third party certif-
icate authority (CA). Authenticity of CA-Signed certificates can be
verified by an audit trail leading to a trusted root certificate.
■ Root Certificate: A trusted certificate used by certificate authorities
to sign certificates (CA-Signed Certificates) and used later on to verify
that authenticity of those signed certificates. Trusted certificates are
distributed as an integral part of most popular web clients. (see
browser documentation for which root certificates are pre-installed).
■ Manager Level: Manager privileges on the switch.
■ Operator Level: Operator privileges on the switch.
■ Local password or username: A Manager-level or Operator-level
password configured in the switch.
■ SSL Enabled: (1)A certificate key pair has been generated on the
switch (WebAgent or CLI command: crypto key generate cert [key
size] (2) A certificate been generated on the switch (WebAgent or CLI
command: crypto host-cert generate self-signed [arg-list]) and
(3) SSL is enabled (WebAgent or CLI command: web-management
ssl). (You can generate a certificate without enabling SSL, but you
cannot enable SSL without first generating a Certificate.
To Next Page
Loading...
Need help?
General