EasyManua.ls Logo

IBM TS4300

IBM TS4300
324 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Appendix C. Getting started with SSL certicates
This topic provides a beginner-level description of the process for obtaining SSL certicates so you can
implement secure communications (HTTPS) on your tape library.
To summarize the process, you will:
1. Install OpenSSL, if it’s not already installed.
2. Generate a private key. A private key is used to create a digital signature for the library web server. This
le should be kept secure, as anyone with access to it may be able to gain access to the web server.
3. Generate a certicate. The certicate includes a public key that works together with your private key.
Depending on your security requirements, you can generate either:
A certicate signing request (CSR), which is a certicate in a format that can be sent to a CA
(certicate authority) for signing.
A self-signed certicate.
4. Create a certicate package.
5. Upload the certicate package to the tape library.
Examples of the most common OpenSSL command options are provided here. Refer to the OpenSSL
command help for additional options.
Working with OpenSSL
OpenSSL is an open-source software library that is widely used to generate and manage certicates.
OpenSSL is recommended to ensure compatibility with development and support.
Installing OpenSSL
The installation procedure depends on your operating system:
Windows users – There are several versions of OpenSSL for Windows. One such product is Win32
OpenSSL. Additional options can be found in the OpenSSL Binaries wiki. When installing, accept the
default installation settings.
Linux users – Refer to the OpenSSL Downloads page for the latest version.
Conguring OpenSSL
OpenSSL requires a master conguration le (openssl.cnf) to generate a certicate. If this le is not
included in your installation, you will receive an error message that mentions openssl.cnf. Follow these
steps to add the le:
1. Obtain a conguration le. If you don’t have one locally, MIT (Massachusetts Institute of Technology)
provides a generic conguration le that you can use. You don’t need to make any changes to the le
at this time. After you become more familiar with OpenSSL, you may want to customize some of the
settings.
2. Save the le to your computer in the following directory:
Windows
C:\Program Files (x86)\Common Files\SSL\
Linux
/etc/pki/tls/
IBM Condential
©
Copyright IBM Corp. 2017, 2023 185

Table of Contents

Other manuals for IBM TS4300

Preview: Manual
Manual288 pages

Related product manuals