Configuration examples for ssl termination mode, Configuring ssl termination mode, N, see – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Page 146: Configuration examples for ssl termination, Mode

Advertising
background image

134

Brocade Virtual ADX Security Guide

53-1003250-01

Configuration examples for SSL Termination Mode

6

An SSL port is defined on the virtual server vip2.

SSL Termination is enabled and the SSL profile ipv6_profile is specified on the virtual server
vip2.

A bind is configured between SSL on virtual server vip2 and HTTP on real server rs2.

Virtual ADX(config)#server real rs2 2001:db8:2000::1

Virtual ADX(config-rs-rs2)#port http

Virtual ADX(config-rs-rs2)#exit

Virtual ADX(config)#server virtual-name-or-ip vip2 2001:db8:2000::10

Virtual ADX(config-vs-vip2)#port ssl

Virtual ADX(config-vs-vip2)#port ssl ssl-terminate ipv6_profile

Virtual ADX(config-vs-vip2)#bind ssl rs2 http

Syntax: [no] port ssl ssl-terminate ssl-profile-name

The ssl-profile-name variable specifies the name of the SSL profile that you want to bind to the SSL
port, termination mode configuration.

Configuration examples for SSL Termination Mode

This section describes the procedures required to perform the configurations described in

“SSL

Termination Mode”

on page 99 a. As shown in the examples there, SSL Termination mode provides

for an SSL connection between clients to the Brocade Virtual ADX.

Configuring SSL Termination Mode

To configure SSL in the termination mode, perform the following tasks in sequence:

1. Generate or obtain an RSA key pair and copy it to the Brocade Virtual ADX

2. Obtain a digital certificate and copy it to the Brocade Virtual ADX

3. Create an SSL profile as described in

“Allowing self-signed certificates”

on page 130

4. Within the SSL profile specify a keypair file as described in

“Specifying a keypair file”

on

page 125.

5. Within the SSL profile specify a digital certificate file as described in

“Specifying a certificate

file”

on page 127.

6. Within the SSL profile select a Cipher Suite as described in

“Specifying a cipher suite”

on

page 126. This is optional.

7. Configure real and virtual servers as described in

“Configuring real and virtual servers for SSL

Termination Mode”

on page 133.

Generate an RSA key pair example

Virtual ADX#ssl genrsa rsakey-file 1024 mypassword

Generate a Self-signed Digital Certificate example

Virtual ADX#ssl gencert certkey rsakey-file signkey rsakey-file mypassword

mycert

You are about to be asked to enter information that will be incorporated into

your certificate request. What you are about to enter is what is called a

Distinguished Name or a DN.

Country name (2 letter code) [US] US

Advertising
Popular Brands
Popular manuals