Configuring ssl on a brocade virtual adx, Obtaining a brocade virtual adx keypair file – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide


53-1003250-01


Four level chain

CA ---> 1st level Intermediate CA ---> 2nd level Intermediate CA ---> server certificate

The end clients, including Mozilla, Firefox and Internet Explorer, always have a copy of the
well-known parent CA's certificate. However, they may not have the intermediate CAs' certificates.

Configuring SSL on a Brocade Virtual ADX

When configuring a Brocade Virtual ADX for SSL Termination mode, you must perform each of the
following configuration tasks:

Obtain a keypair file: This section describes how to obtain an SSL asymmetric key pair. You can
generate an RSA key pair or import an existing key pair. See “Obtaining a Brocade Virtual ADX
keypair file” on page 101.

Certificate management: This section describes various methods for obtaining a digital
certificate and the methods for importing keys and certificates. See “Certificate management”
on page 102.

Basic SSL profile configuration: This section describes how to perform the minimum SSL
profile configuration. See “Basic SSL profile configuration” on page 125.

Advanced SSL profile configuration: This section describes additional SSL profile
configuration parameters. See “Advanced SSL profile configuration” on page 127.

Configure real and virtual servers for SSL Termination Mode: This section describes the
configuration details required to configure the real and virtual servers for SSL on a Brocade
Virtual ADX. See “Configuring Real and Virtual Servers for SSL Termination Mode” on page 133.

Configuring other protocols with SSL: This section describes how to configure other popular
protocols such as LDAPS, POP3S and IMAPS with SSL. See “Other protocols supported for SSL”
on page 142.

Configure system max values: This section describes how to configure system max values for
SSLv2 connection rate, concurrent connections, profiles, certificate size, and certificate and
key counts. See “Configuring the system max values” on page 142.

Obtaining a Brocade Virtual ADX keypair file

The keypair file specifies the location for retrieving the SSL asymmetric key pair during an SSL
handshake. You can either generate an RSA keypair file on a Brocade Virtual ADX or import a
pre-existing key pair using secure copy (SCP). The key pair is stored in the host secondary memory
and is not deleted during a power cycle.

To generate an RSA keypair file, enter the following command.

Virtual ADX#ssl genrsa rsakey-file 1024 mypassword

Syntax: ssl genrsa file-name key-strength password

The file-name variable specifies the name of the keypair file. The file name can be up to 24
characters in length. The file name supports special characters like ’-’, ’_’, ’$’, ", ’%’, ’&’, and ’!’. It
does not support spaces or ’/’ characters.

The key-strength variable specifies the key strength (number of bits) for the RSA key pair. The RSA
key strength should be 512, 768, 1024 or 2048.
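
A pre-flight check for ssl genrsa lines, added here as an example and not taken from the Brocade manual: it applies the file-name and key-strength rules above to CLI lines and also flags keys below 2048 bits. The 2048-bit threshold, the function name audit_genrsa, and every sample line after the manual's own command are assumptions made for this example.

```python
import re

# Rules taken from the syntax description on this page.
MAX_NAME_LEN = 24
ALLOWED_BITS = {512, 768, 1024, 2048}
# Assumption for this example (not from the manual): keys under 2048 bits are flagged.
MIN_POLICY_BITS = 2048

GENRSA = re.compile(r"\bssl\s+genrsa\b(?P<rest>.*)$")

def audit_genrsa(line):
    """Return findings for one CLI line; [] if it is clean or not an ssl genrsa command."""
    m = GENRSA.search(line)
    if not m:
        return []
    args = m.group("rest").split()
    # A file name containing a space shows up here as a fourth argument.
    if len(args) != 3:
        return ["expected file-name key-strength password, got %d argument(s)" % len(args)]
    name, bits_text, _password = args  # the password is never echoed into findings
    findings = []
    if len(name) > MAX_NAME_LEN:
        findings.append("file name is %d characters, limit is %d" % (len(name), MAX_NAME_LEN))
    if "/" in name:
        findings.append("file name contains '/'")
    if not bits_text.isdecimal() or int(bits_text) not in ALLOWED_BITS:
        findings.append("key strength %s is not one of 512, 768, 1024, 2048" % bits_text)
    elif int(bits_text) < MIN_POLICY_BITS:
        findings.append("weak key: %s-bit RSA is below the %d-bit policy minimum"
                        % (bits_text, MIN_POLICY_BITS))
    return findings

# First line is the manual's own example; the rest are constructed for illustration.
SAMPLE_LINES = [
    "Virtual ADX#ssl genrsa rsakey-file 1024 mypassword",
    "Virtual ADX#ssl genrsa web_2048 2048 Example-Pass1",
    "Virtual ADX#ssl genrsa keys/www 4096 Example-Pass1",
    "Virtual ADX#ssl genrsa my key 2048 Example-Pass1",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        cmd = line.rsplit(" ", 1)[0]  # drop the password before printing
        for finding in audit_genrsa(line) or ["ok"]:
            print("%-45s %s" % (cmd, finding))
```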
