Configuring ipv6 communication in solaris 10, Setting up ssl encryption, Creating a keypair – HP XP RAID Manager Software User Manual
Page 13: Creating a private key (.key file), Setting
3.
Select the Internet Protocol Version 6 (TCP/IPv6) check box.
Optionally, clear the Internet Protocol Version 4 (TCP/IPv4) check box.
4.
Click OK to close the dialog box.
Configuring IPv6 communication in Solaris 10
Procedure 2 To configure a Remote Web Console computer to use IPv6 for communication between
an SVP:
1.
Start the console.
2.
Execute the following command:
ipconfig network-interface-name inet down
Setting up SSL encryption
In order to improve security of remote operations from a Remote Web Console SVP to a storage
system, you can set up Secure Sockets Layer (SSL) encrypted communication. By setting SSL
encryption, the Remote Web Console user ID and password are encrypted.
This document uses the following SSL terms:
•
Secure Sockets Layer: SSL is a protocol first developed by Netscape® to securely transmit
data over the Internet. Two SSL-enabled peers use their private and public keys to establish a
secure communication session, with each peer encrypting transmitted data with a randomly
generated and agreed-upon symmetric key.
•
Keypair: A keypair is two mathematically-related cryptographic keys consisting of a private
key and its associated public key.
•
Server Certificate: A Server Certificate (also called a Digital Certificate) forms an association
between an identity (in this case the SVP server) and a specific keypair. A Server Certificate
is used to identify the SVP server to a client so that the server and client can communicate
using SSL. Server Certificates come in two basic types:
◦
Self-signed: You generate your owned self-signed certificate and the subject of the
certificate is the same as the issuer of the certificate. If the Remote Web Console computers
and the SVP are on an internal LAN behind a firewall, you may find that this option
provides sufficient security.
◦
Signed and Trusted: For a Signed and Trusted Server Certificate, a Certificate Signing
Request (CSR) is sent to and certified by a trusted Certificate Authority (CA) such as
VeriSign®
.
If you enable SSL, you must make sure that the key pair and associated server certificate do not
expire. If either the key pair or the server certificate expires, users will be unable to connect to the
SVP. Server certificates require the use of a host name instead of an IP address.
Creating a keypair
To enable SSL, you must create a keypair consisting of a public and a private key. The instructions
use Windows XP as an example.
If you are using Solaris, download software for creating a keypair such as OpenSSL (
), and follow the manufacturer’s instructions.
The program (openssl.exe) for creating private and public keys is available on the CD-ROM for
SSL communications provided with this product.
Creating a private key (.key file)
A private key is required to create an SSL keypair. The following procedure is for the Windows
XP operating system.
Setting up SSL encryption
13