
AT-8800 Series Switch User Guide

2. Log in as a Security Officer

To log in as the user called “CIPHER”, who has Security Officer privilege, use the command:

LOGIN CIPHER

Then enter the password for “CIPHER”, “sbr4y3”.

3. Enable system security

To enable system security, use the command:

ENABLE SYSTEM SECURITY

4. Create an RSA key pair for this switch.

To create an RSA key pair, use the command:

CREATE ENCO KEY=0 TYPE=RSA LENGTH=1024

5. Set the switch’s distinguished name.

To set the switch’s distinguished name to "cn=switch1,o=my_company,c=us", use the command:

SET SYSTEM DISTINGUISHEDNAME="cn=switch1, o=my_company,c=us"

6. Set the UTC offset.

To set the UTC (Coordinated Universal Time) offset so that the switch knows the difference between local time and GMT is 7 hours, use the command:

SET LOG UTCOFFSET=7

7. Create a self-signed certificate for the switch.

To create a PKI certificate for browsing to the GUI without contacting a CA, use the command:

CREATE PKI CERTIFICATE=cer_name KEYPAIR=0 SERIALNUMBER=12345 SUBJECT="cn=172.30.1.105, o=my_company, c=us"

This command creates a certificate that is only suitable for secure switch management via the GUI. A pop-up message will appear in the browser window warning that the certificate is not issued by a trusted authority. If you want to use SSL with the Load Balancer, create a certificate via a Certification Authority instead. For details, see the Public Key Infrastructure (PKI) chapter of your Software Reference.

8. Load self-signed switch certificate

To load the signed switch certificate onto the switch, use the command:

ADD PKI CERTIFICATE=cer_name LOCATION=cer_name.cer TRUST=YES

9. Enable SSL on the HTTP server

To enable SSL on the HTTP server, using the previously created SSL key and port 443, use the command:

SET HTTP SERVER SECURITY=ON SSLKEY=0 PORT=443
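
The following is an added example, not part of the manual: because the certificate from step 7 is self-signed and triggers a browser warning, an administrator can inspect a PEM copy of it on the management workstation before accepting it. The function names, the 2048-bit threshold and the sample certificate are assumptions of this example, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the manual): inspect a self-signed management
# certificate before accepting the browser warning. Needs the openssl CLI.

MIN_RSA_BITS=2048   # assumption of this example, not a value from the manual

# cert_name <pem> <subject|issuer>: print the name as comma-separated RDNs
cert_name() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# cert_cn <pem>: print the subject's common name
cert_cn() {
    cert_name "$1" subject | tr ',' '\n' | sed -n 's/^ *[Cc][Nn]=//p' | head -n 1
}

# cert_key_bits <pem>: print the public key size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# cert_fingerprint <pem>: SHA-256 fingerprint to compare out of band
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# check_mgmt_cert <pem> <expected-host>: report, return 1 on a CN mismatch
check_mgmt_cert() {
    cn=$(cert_cn "$1"); bits=$(cert_key_bits "$1")
    if [ "$(cert_name "$1" subject)" = "$(cert_name "$1" issuer)" ]; then
        echo "issuer: self-signed (browser warning expected)"
    else
        echo "issuer: $(cert_name "$1" issuer)"
    fi
    if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "key: $bits bits, below $MIN_RSA_BITS"
    else
        echo "key: $bits bits"
    fi
    echo "sha256: $(cert_fingerprint "$1")"
    [ "$cn" = "$2" ] || { echo "subject CN '$cn' does not match '$2'"; return 1; }
    echo "subject CN matches $2"
}

# make_sample_cert <dir> <bits>: constructed stand-in for the switch certificate
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$2" -nodes -days 1 -keyout "$1/key.pem" \
        -out "$1/cert.pem" -subj "/C=us/O=my_company/CN=172.30.1.105" 2>/dev/null
}
```

Run `check_mgmt_cert cert.pem 172.30.1.105` against the copy of the switch certificate and compare the printed fingerprint with the one the browser shows in its warning dialog.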

Software Release 2.6.1 C613-02039-00 REV A
