Alteon Application Switch Operating System Application Guide
Offloading SSL Encryption and Authentication
340 Document ID: RDWR-ALOS-V2900_AG1302
Trusted CA Certificates
Trusted CA certificates are certificates that come from a Certificate Authority that your organization
uses to provide users with certificates (client certificates). Trusted CA certificates are associated with
client authentication policies (see Client Authentication Policies, page 343
). If you use this option,
you must specify the trusted client CA certificate or group of trusted client CA certificates to allow
Alteon to know which client certificates to accept.
Trusted CA certificates are not created in Alteon—you must first import them. You select the trusted
CA certificates from those you have imported.
For details on associating a trusted CA certificate to a client authentication policy, see the section on
the
/cfg/slb/ssl/authpol menu in the Alteon Application Switch Operating System Command
Reference.
Importing and Exporting Certificate Components to and from the
Repository
You import and export components to and from the certificate repository as described in Table 28 -
Import and Export of Certificate Repository Components, page 340. For more information on
exporting and importing certificate repository components, see the section on the
/cfg/slb/ssl/
certs
menu in the Alteon Application Switch Operating System Command Reference.
Table 28: Import and Export of Certificate Repository Components
Component Export/ Import Description
Key pair Export, Import Key pairs include a private key and public key. The
private key is used to decrypt and encrypt the SSL
handshake, making it the most sensitive piece of
information in the PKI, and should be kept as
secure as possible. It is usually exported for
backup purposes only.
When a key pair is exported, it is encrypted with a
one-time passphrase supplied at the time of
export. The same passphrase must be supplied
during import to allow decrypting of the keys.
Public keys construct the other side of the
asymmetric encryption key pair and are published
as part of the certificate to allow decrypting traffic
encrypted by the private key, and vice-versa. Keys
are exported in encrypted PEM format.
Note: The maximum file size for importing SSL
components (excluding the 2424-SSL
configuration) is 200 KB.
CSR Export You export a CSR to a CA to get a trusted CA
signature for a server certificate that you want
created.
Certificate Export, Import Certificates are usually exported for backup
purposes. Certificate are exported in PEM format.
Note: The maximum file size for importing SSL
components (excluding the 2424-SSL
configuration) is 200 KB.
To Next Page
Loading...
Need help?
General