
BigIron RX Series Configuration Guide

53-1002484-04

Configuring SSL security for the Web Management Interface


Enabling the SSL server on the device

To enable the SSL server on the device, enter the following command.

BigIron RX(config)# web-management https

Syntax: [no] web-management http | https

You can enable either the HTTP or the HTTPS server with this command. You can disable both the
HTTP and HTTPS servers by entering the following command.

BigIron RX(config)# no web-management

Syntax: no web-management

Specifying a port for SSL communication

By default, SSL protocol exchanges occur on TCP port 443. You can optionally change the port
number used for SSL communication.

For example, the following command causes the device to use TCP port 334 for SSL
communication.

BigIron RX(config)# ip ssl port 334

Syntax: [no] ip ssl port <port-number>

The default port for SSL communication is 443.

Importing digital certificates and RSA private key files

To allow a client to communicate with the device using an SSL connection, you configure a
set of digital certificates and RSA public-private key pairs on the device. A digital certificate is used
for identifying the connecting client to the server. It contains information about the issuing
Certificate Authority, as well as a public key. You can either import digital certificates and private
keys from a server, or you can allow the Brocade device to create them.

If you want to allow the Brocade device to create the digital certificates, refer to the next section,
“Generating an SSL certificate”. If you choose to import an RSA certificate and private key file from
a client, you can use TFTP to transfer the files.

For example, to import a digital certificate using TFTP, enter a command such as the following.

BigIron RX(config)# ip ssl certificate-data-file tftp 192.168.9.210 certfile

Syntax: [no] ip ssl certificate-data-file tftp <ip-addr> <certificate-filename>

NOTE

If you import a digital certificate from a client, it can be no larger than 2048 bytes.

To import an RSA private key from a client using TFTP, enter a command such as the following.

BigIron RX(config)# ip ssl private-key-file tftp 192.168.9.210 keyfile

Syntax: [no] ip ssl private-key-file tftp <ip-addr> <key-filename>

The <ip-addr> is the IP address of a TFTP server that contains the digital certificate or private key.
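Before staging the files on the TFTP server, it is worth checking that they will pass the import: the certificate file must stay within the 2048-byte limit noted above, each file must hold a well-formed PEM block of the expected type, and the private key should not be passphrase-protected, since the import syntax has no passphrase argument. The following pre-flight check is an added example and not part of the Brocade guide; the sample files it builds are constructed placeholders (a bare ASN.1 SEQUENCE of NULLs), not real certificates or keys, and the encrypted-key rule is an inference from the command syntax rather than a documented restriction.

```python
import base64
import re

MAX_CERT_BYTES = 2048  # limit stated in the guide for a certificate imported from a client
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def pem_to_der(data: bytes):  # returns (label, der); ("", b"") when no PEM block is present
    m = PEM_RE.search(data)
    if not m:
        return "", b""
    b64 = b"".join(l.strip() for l in m.group(2).splitlines() if b":" not in l)  # skip RFC 1421 headers
    return m.group(1).decode(), base64.b64decode(b64)

def der_outer_length_ok(der: bytes) -> bool:  # outer tag is SEQUENCE and its length spans the payload
    if len(der) < 2 or der[0] != 0x30:
        return False
    n = 0 if der[1] < 0x80 else der[1] & 0x7F  # 0 = short-form length, else length-of-length
    if der[1] == 0x80 or n > 4 or len(der) < 2 + n:  # indefinite length is not valid DER
        return False
    length = der[1] if n == 0 else int.from_bytes(der[2:2 + n], "big")
    return 2 + n + length == len(der)

def check_import_files(cert_pem: bytes, key_pem: bytes) -> list:
    """List problems that would make the TFTP import fail; an empty list means both files look importable."""
    problems = []
    if len(cert_pem) > MAX_CERT_BYTES:
        problems.append(f"certificate file is {len(cert_pem)} bytes, limit is {MAX_CERT_BYTES}")
    if b"Proc-Type: 4,ENCRYPTED" in key_pem:  # the import command syntax has no passphrase argument
        problems.append("private key is passphrase-protected")
    for name, pem, labels in (("certificate", cert_pem, ("CERTIFICATE",)),
                              ("private key", key_pem, ("RSA PRIVATE KEY", "PRIVATE KEY"))):
        label, der = pem_to_der(pem)
        if not label:
            problems.append(f"{name}: no PEM block found")
        elif label not in labels:
            problems.append(f"{name} file holds a {label} block, expected {labels[0]}")
        elif not der_outer_length_ok(der):
            problems.append(f"{name} DER is truncated or corrupt")
    return problems

def constructed_pem(label: str, payload_len: int, headers: bytes = b"", trim: int = 0) -> bytes:
    # Constructed sample only: an outer SEQUENCE of ASN.1 NULLs wrapped as PEM, not a real certificate or key.
    payload = b"\x05\x00" * (payload_len // 2)
    der = (b"\x30\x82" + len(payload).to_bytes(2, "big") + payload)[:4 + len(payload) - trim]
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN %s-----\n%s%s\n-----END %s-----\n" % (label.encode(), headers, body, label.encode())

SAMPLE_CERT = constructed_pem("CERTIFICATE", 600)  # about 870 bytes, under the 2048-byte limit
SAMPLE_KEY = constructed_pem("RSA PRIVATE KEY", 400)
```

TFTP provides neither confidentiality nor authentication, so the private key crosses the network in the clear; run the transfer on an isolated management network and remove the key file from the TFTP server once the import has completed.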
