Zte ZXR10 2900E Series - SSL Configuration

To Next Page

To Previous Page

Chapter5ServiceConguration

5.47SSLConguration

SSLOverview

TheSSLprotocolisanintermediateprotocol.Itislocatedbetweentheapplicationlayer

andtransportlayerinthenetworkmodel.Throughthedataencryption,identication

authentication,andmessageintegrityvalidationmechanisms,SSLensuressecurityfor

connectionsestablishedbasedonreliableapplicationlayerprotocols(forexample,TCP).

TheSSLfunctionalmoduleenablestheZXR102900EtooperateasanSSLserverand

completeinteractionwithaclient.TheinteractionprocedureincludesSSLhandshaking,

andpacketmonitoring,receiving,parsingandsending.TheSSLhandshakingprocedure

includesnegotiatinganencryptionalgorithm,verifyingthelocalcerticateontheserver,

exchangingkeys,andverifyingaMACaddress.Theencryptionalgorithm,localcerticate

ontheserver,keys,andMACaddressareusedfordataencryptionanddecryption,

identicationauthentication,andmessageintegrityvalidationinasubsequentsession.

EncryptioncerticatemanagementistheprerequisiteforSSLhandshaking.Certicate

managementincludeskeygenerationmanagement,localcerticategenerationonthe

server,androotcerticategenerationontheclient.

UserscanaccesstheZXR102900EbyusingbrowsersandHTTPStoperformWeb-based

congurationandmanagement.

ConguringSSL

TheSSLcongurationincludesthefollowingcommands:

CommandFunction

zte(cfg)#setssl{enable|disable}EnablesordisablestheSSLfunction.

zte(cfg)#createca{<A.B.C.D/M>|<A.B.C.D><n

etworkmask>}

Managestheencryptioncerticate,andcreates

anRSAkey,alocalcerticateontheserverand

arootcerticateontheclient.

showssl(allcongurationmodes)DisplaystheSSLcongurationandstate.

SSLCongurationInstance

lCongurationDescription

SeeFigure5-62,alayer-3portisconguredontheswitch,andtheIPaddressisset

to192.168.100.110/24.TheIPaddressofthePCissetto192.168.100.109/24.The

switchoperatesastheSSLserver,andthebrowseronthePCoperatesastheSSL

client.

5-167

SJ-20130731155059-002|2013-11-27(R1.0)ZTEProprietaryandCondential

Other manuals for Zte ZXR10 2900E Series