Nortel Networks 5500 series User Manual

Configuring the domain

103

Table 8
Configuring SSL Settings (cont’d.)

/cfg/domain #/server/ssl

followed by:

cachesize <sessions>

Sets the size of the SSL cache.

•

sessions

is an integer less than or equal

to 10000 indicating the number of cached
sessions. The default is 4000.

If there are many cache misses, increase the

cachesize

value for better performance.

cachettl <ttl>

Specifies the maximum time to live (TTL) value
for items in the SSL cache. After the TTL has
expired, the items are discarded.

•

ttl

is an integer that indicates the TTL

value in seconds (

s

), minutes (

m

), hours

(

h

), or days (d). If you do not specify a

measurement unit, seconds is assumed.
The default is 5m (5 minutes).

cacerts <certificate

index>

Specifies which of the available CA certificates
to use for client authentication.

Not supported in Nortel Secure Network Access
Switch Software Release 1.6.1.

cachain <certificate

index list>

Specifies the CA certificate chain of the server
certificate.

•

certificate index list

is a

comma-separated list of the certificate
index numbers assigned to the certificates in
the chain. The chain starts with the issuing
CA certificate of the server certificate and
can range up to the root CA certificate.

The command explicitly constructs the server
certificate chain. The chain and the server
certificate are sent to the browser.

To clear all specified chain certificates, press
Enter at the prompt to enter the certificate
numbers. At the prompt to confirm that you
want to clear the list, enter

yes

.

ATTENTION

Nortel Secure Network Access Switch

Using the Command Line Interface

NN47230-100

03.01

Standard

28 July 2008

Copyright © 2007, 2008 Nortel Networks

.