Certificates and Keys
Certificates are only needed if you intend to implement full PKI authentication for the viewer connections. If an
Viewer Connections
Browser connections to the Web Management interface always use SSL. The viewer connections can use different levels of security.
Security Level (SSL): The switch offers three levels of security for viewer connections. From the
•Level 1 uses no SSL data encryption and no authentication. It’s the most straightforward setting and offers the most convenience if there are no security concerns. Anyone who has a viewer and an Internet connection can easily connect to the switch as long as the user fulfills the password policy requirements.
•Level 2 uses SSL encryption for the viewer connection, but only requires server authentication by the viewer client. Remote users are not required to install any certificates on their client computers. However, the viewer connection is encrypted with
•Level 3 uses
In all, there are nine possible combinations of viewer security levels and password policies available for the flexibility to adapt to your specific security needs.
KVM Server Password: This field appears only if you choose to implement Level 3 security. See Page 16. To make a successful viewer connection with the switch in the Level 3 security setting, enter the password that encrypts the server private key in the server private key file (serverkey.pem). If you use the standard set of certificates provided on the included support CD, the password that encrypts the server private key is “serverpwd”. However, if you use your own set of certificates (as you should for a genuinely secure installation), you need to get the correct server password from the Certificate Authority that issued those certificates.
First, you should obtain a set of certificates from your administrator. If your certificate files have different names, rename them to the valid names (root.crt, server.crt and serverkey.pem) before uploading. To upload the certificates, click “Browse” to go to the location where your certificates reside. Select a certificate file, then click “Upload” to upload your certificates, one at a time, to the switch. After each upload is completed, you should see the prompt page for a reboot. However, you don’t have to reboot after every upload: reboot once after you’ve uploaded all the necessary files, root.crt, server.crt and serverkey.pem. If you need to
•No Password means the viewer will not prompt you for any user password: The door is open unless you are using Level 3 security.
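A check to run on the workstation before uploading the three certificate files described above, as an added example that is not part of the original manual. It assumes PEM-encoded files and a local OpenSSL install; `check_kvm_certs` and the `KVM_KEY_PASS` environment variable are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: pre-upload check for root.crt, server.crt and serverkey.pem.
# Assumes PEM files and OpenSSL on the workstation. KVM_KEY_PASS is a
# hypothetical environment variable holding the server key password.
# Usage: KVM_KEY_PASS='...' sh check_kvm_certs.sh /path/to/cert/dir

check_kvm_certs() {
    dir=$1

    # 1. The manual requires these exact file names before uploading.
    for f in root.crt server.crt serverkey.pem; do
        [ -r "$dir/$f" ] || { echo "missing file: $f" >&2; return 1; }
    done

    # 2. server.crt must have been issued by the CA in root.crt.
    openssl verify -CAfile "$dir/root.crt" "$dir/server.crt" 2>/dev/null \
        | grep -q ': OK$' \
        || { echo "server.crt does not chain to root.crt" >&2; return 2; }

    # 3. The password typed into "KVM Server Password" must decrypt the key.
    key_pub=$(openssl pkey -in "$dir/serverkey.pem" \
                  -passin env:KVM_KEY_PASS -pubout 2>/dev/null) \
        || { echo "password does not decrypt serverkey.pem" >&2; return 3; }

    # 4. The private key must belong to the certificate being uploaded.
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null)
    [ "$key_pub" = "$crt_pub" ] \
        || { echo "serverkey.pem does not match server.crt" >&2; return 4; }

    # 5. Flag the stock password shipped with the support-CD certificates.
    if [ "${KVM_KEY_PASS:-}" = "serverpwd" ]; then
        echo "warning: key uses the default support-CD password" >&2
    fi
    return 0
}

# Run the check only when a directory is given on the command line.
[ $# -eq 0 ] || check_kvm_certs "$1"
```

A return value of 0 means all three files are consistent with each other and with the password; values 1 to 4 identify which step failed.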
32 | MANAGEMENT OVER A BROWSER |