Configuring ipv6 communication in solaris 10, Setting up ssl encryption, Flow of ssl communication settings – HP XP P9500 Storage User Manual


3. Select the Internet Protocol Version 6 (TCP/IPv6) check box.

Optionally, clear the Internet Protocol Version 4 (TCP/IPv4) check box.

4. Click OK to close the dialog box.

Configuring IPv6 communication in Solaris 10

To configure a Remote Web Console computer to use IPv6 for communication with an SVP:
1. Start the console.

2. Execute the following command:

ifconfig network-interface-name inet down

Setting up SSL encryption

To improve security of remote operations from a Remote Web Console SVP to a storage system,
you can set up Secure Sockets Layer (SSL) encrypted communication. When SSL encryption is set up,
the Remote Web Console User ID and Password are encrypted.

Note the following SSL terms:

Secure Sockets Layer: SSL is a protocol first developed by Netscape to securely transmit data
over the Internet. Two SSL-enabled peers use their private and public keys to establish a secure
communication session, with each peer encrypting transmitted data with a randomly generated
and agreed-upon symmetric key.

Keypair: A keypair is two mathematically-related cryptographic keys consisting of a private
key and its associated public key.

Server Certificate: A Server Certificate (also called a Digital Certificate) forms an association
between an identity (in this case the SVP server) and a specific keypair. A Server Certificate
is used to identify the SVP server to a client so that the server and client can communicate
using SSL. Server Certificates come in two basic types:

Self-signed: You generate your own self-signed certificate, and the subject of the certificate
is the same as the issuer of the certificate. If the Remote Web Console computers and the SVP
are on an internal LAN behind a firewall, you may find that this option provides sufficient
security.

Signed and Trusted: For a Signed and Trusted Server Certificate, a Certificate Signing Request
(CSR) is sent to and certified by a trusted Certificate Authority (CA) such as VeriSign
(http://www.verisign.com/).

If you enable SSL, you must make sure that the key pair and associated server certificate do not
expire. If either the key pair or the server certificate expires, users will be unable to connect to the
SVP. Server certificates require the use of a host name instead of an IP address.

Flow of SSL communication settings

The following shows a flow of required settings for SSL communication. Note that creation of private
and public keys requires a dedicated program. Download one from the OpenSSL Website
(http://www.openssl.org/).
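
As an added example (not taken from the HP manual), the shell functions below use the OpenSSL command-line tool to create a key pair with a self-signed certificate and to check the two conditions stated above: the certificate names a host name rather than an IP address, and it is not about to expire. The file names, the host name passed in, and the 30-day threshold are assumptions; importing the files into the SVP is not covered.

```shell
#!/bin/sh
# Added example. Host names, file names and thresholds are constructed placeholders.

# Create an RSA key pair and a self-signed certificate (subject = issuer).
# $1 = host name for the subject CN, $2 = validity in days, $3 = output directory
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$3/server.key" -out "$3/server.crt" \
        -days "$2" -subj "/CN=$1" 2>/dev/null || return 1
    chmod 600 "$3/server.key"    # private key readable by its owner only
}

# Print one DN of a certificate without the "subject=" / "issuer=" label.
# $1 = certificate file, $2 = subject | issuer
cert_dn() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" | sed 's/^[a-z]*= *//'
}

# Print the subject CN.
cert_cn() {
    cert_dn "$1" subject | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeed if subject and issuer match, as in a self-signed certificate.
is_self_signed() {
    [ "$(cert_dn "$1" subject)" = "$(cert_dn "$1" issuer)" ]
}

# Succeed if the certificate is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeed if the name is an IP literal (or empty) rather than a host name.
name_is_ip() {
    case $1 in
        ''|*:*) return 0 ;;         # empty, or IPv6 literal
        *[!0-9.]*) return 1 ;;      # contains a letter or hyphen: a host name
        *) return 0 ;;              # digits and dots only: IPv4 literal
    esac
}

# Pre-deployment check: host-name subject and at least 30 days of validity left.
check_server_cert() {
    name_is_ip "$(cert_cn "$1")" && { echo "subject CN is not a host name"; return 1; }
    cert_valid_for "$1" 30 || { echo "expires within 30 days"; return 1; }
    echo "ok: CN=$(cert_cn "$1")"
}
```

Running `check_server_cert` on a schedule against the installed certificate gives warning before the expiry that would lock users out of the SVP.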
