Specifying a certificate file, Advanced ssl profile configuration, Configuring client authentication – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide

53-1002440-03


To configure this feature, use commands such as the following:

ServerIronADX(config)# ssl profile sp1
ServerIronADX(config-ssl-profile-sp1)# cipher-suite rsa-with-aes-128-sha
ServerIronADX(config-ssl-profile-sp1)# cipher-suite rsa-with-rc4-128-md5
ServerIronADX(config-ssl-profile-sp1)# cipher-suite rsa-with-rc4-128-sha

Specifying a certificate file

Each SSL profile must be associated with a certificate file that was either imported or self-generated as described in “Chained certificates” on page 139. The following example uses the certificate-file command to associate the certificate file named "certfile1" with the "profile1" SSL profile.

ServerIronADX(config)# ssl profile profile1

ServerIronADX(config-ssl-profile-profile1)# certificate-file certfile1

Syntax: certificate-file <certificate-file-name>

The <certificate-file-name> variable is an ASCII string that specifies a certificate file that was either self-generated on the ServerIronADX using the ssl gencert command or imported into the ServerIronADX as described in “Chained certificates” on page 139.
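The following Python check is an added example, not part of the Brocade manual: it reads a saved configuration and reports SSL profiles that lack the required certificate-file or that list RC4 or MD5 cipher suites (RC4 is prohibited in TLS by RFC 7465). The saved-configuration layout (indented sub-commands, "!" separators), the function names and the review policy are assumptions.

```python
# Constructed sample built from this page's commands. The saved-config layout
# (indented sub-commands, "!" separators) is an assumption.
SAMPLE_CONFIG = """\
ssl profile sp1
 cipher-suite rsa-with-aes-128-sha
 cipher-suite rsa-with-rc4-128-md5
 cipher-suite rsa-with-rc4-128-sha
!
ssl profile profile1
 certificate-file certfile1
!
"""

# RC4 is prohibited in TLS by RFC 7465; MD5-based MACs are deprecated.
WEAK_TOKENS = ("rc4", "md5")


def parse_profiles(config_text):
    """Map each profile name to its cipher suites and certificate file."""
    profiles, current = {}, None
    for raw in filter(str.strip, config_text.splitlines()):  # skip blank lines
        words = raw.split()
        if words[:2] == ["ssl", "profile"] and len(words) == 3:
            current = profiles.setdefault(words[2], {"ciphers": [], "certificate": None})
        elif not raw[0].isspace():
            current = None  # "!" or any other top-level line ends the block
        elif current is not None and len(words) == 2:
            if words[0] == "cipher-suite":
                current["ciphers"].append(words[1])
            elif words[0] == "certificate-file":
                current["certificate"] = words[1]
    return profiles


def audit(config_text):
    """Return (profile, finding) pairs under the hypothetical review policy."""
    findings = []
    for name, profile in parse_profiles(config_text).items():
        if profile["certificate"] is None:
            findings.append((name, "no certificate-file configured"))
        for suite in profile["ciphers"]:
            weak = [t for t in WEAK_TOKENS if t in suite.split("-")]
            if weak:
                findings.append((name, f"weak cipher-suite {suite} ({'/'.join(weak)})"))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A profile with no cipher-suite lines is not flagged, because this check only evaluates suites that are explicitly configured.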

Advanced SSL profile configuration

This section describes the following advanced SSL configuration options:

Client authentication

Enabling Session caching

Enabling SSLv2

Enabling close notify

Disabling Certificate verification

All SSL configuration parameters are configured in the configuration level under the specific SSL profile. An SSL profile is created using the ssl profile command at the General configuration level as shown in “Basic SSL profile configuration”.

Configuring client authentication

The following features can be configured for certificate management:

Enabling certificate verification

Configuring a CA certificate file

Creating a certificate revocation list

Allowing self signed certificates
