Manuals / Brands / Computer Equipment / Computer Accessories / APC / Computer Equipment / Computer Accessories

APC AP7900 Method 2: Use the APC Security Wizard to create a CA certificate and a server certificate.

1 186

Download 186 pages, 1.27 Mb

®

USER’S GUIDE

Switched Rack PDU

129

Method 2: Use the APC Security Wizard to create a CA certificate and a

server certificate. You use the APC Security Wizard to create two digital

certificates:

•A CA root certificate (Certificate Authority root certificate) that the APC

Security Wizard uses to sign all server certificates and which you then

install into the certificate store (cache) of the browser of each user who

needs access to the Rack PDU.

•A server certificate that you upload to the Rack PDU. When the APC

Security Wizard creates a server certificate, it uses the CA root

certificate to sign the server certificate.

The Web browser authenticates the Rack PDU sending or requesting data:

• To identify the Rack PDU, the browser uses the common name (IP

address or DNS name of the Rack PDU) that was specified in the

server certificate’s distinguished name when the certificate was

created.

• To confirm that the server certificate is signed by a “trusted” signing

authority, the browser compares the signature of the server certificate

with the signature in the root certificate cached in the browser. An

expiration date confirms whether the server certificate is current.

This method has the following advantages and disadvantages.

•Advantages:

– Before they are transmitted, the user name and password for Rack

PDU access and all data to and from the Rack PDU are encrypted.

– The length of the public key (RSA key) that is used for en cryption

when setting up an SSL session is 1024 bits, providing more

complex encryption and consequently a higher level of security than

the public key used in Method 1. (This longer encryption key is also

used in Method 3.)

Contents

Main Contents Introduction Control Console Web Interface Device and Outlet Management Menus Data Menu (Web Interface Only) Network Menu System Menu Boot Mode Security How to Export Configuration Settings File Transfers Index Product Information Introduction Product Description Features of the Switched Rack PDU Initial setup Access Procedures Access priority for logging on Types of user accounts Page How to Recover From a Lost Password Page Upgrading Firmware through a Serial Connection Page Page Page Link-RX/TX (10/100) LED This LED indicates the network status. Status LED This LED indicates the network status of the Rack PDU. Load indicator LED The load indicator LED identifies overload and warning conditions for the displayed phase or bank. APC Worldwide Customer Support Wat ch do g F eatures Network interface watchdog mechanism Resetting the network timer Control Console How to Log On Remote access to the control console Telnet for basic access. SSH for high-security access. Local access to the control console Main Screen Example main screen The main screen that is displayed when you log on to the control console of a Rack PDU: Information and status fields Main screen information fields. Main screen status fields. Control Console Menus Menu structure Main menu Device Manager option Network option System option Web Inter face How to Log On Supported Web browsers URL address formats Summary Page Status Quick status tab Navigation Menu Selecting a menu to perform a task Help menu Links menu Device and Outlet Management Menus How to Configure and Control Outlet Groups Outlet group terminology Purpose and benefits of outlet groups System requirements for outlet groups Rules for configuring outlet groups How to enable outlet groups Enable creation of outlet groups. Enable support for global outlet groups (linked groups). How to create a local outlet group (Web interface) How to create multiple global outlet groups (Web interface) How to edit or delete an outlet group Typical outlet group configurations Page Verify your setup and configuration for global outlet groups Outlet Settings for Outlets and Outlet Groups How to initiate a control action Web i nter face. Control Console. Control actions you can select. How to configure outlet settings and outlet name Settings that you can configure. both the Web interface and control console unless otherwise indicated: Web I nterfa ce. Control Console. Switched Rack PDU Settings Configure Load Thresholds Web i nter face. Control console. How to configure Device Settings Web i nter face. Control console. Power Supply Status (control console only) Scheduling Outlet Actions (Web Interface Only) Actions you can schedule Page How to schedule an outlet event How to edit, disable, enable, or delete an outlet event Event-Related Menus Page Event Log Logged events Web interface Control console How to use FTP or SCP to retrieve a log file Secure CoPy (SCP). File Transfer Protocol (FTP). Page Event Actions (Web Interface Only) Severity levels Event log action Syslog action SNMP traps action Email action Event Recipients Trap Receiver settings E-mail Feature DNS servers SMTP settings Email Recipients Page Page How to Configure Individual Events Event List page Detailed Event Action Configuration page Data Menu (Web Interface Only) Log Option Configuration Option Network Menu Page Option Settings TCP/IP Current TCP/IP settings fields. Boot mode setting. Advanced settings. Page DNS Configure Domain Name System Settings fields. Send DNS Query (Web interface). Ping utility (control console only) FTP Se rv er Telnet/SSH Page Page Page Page Page SNMP Email See SMTP settings and E-mail Feature. Syslog Syslog settings. Syslog test (Web interface). message to the Syslog servers configured in the Syslog Server section. Syslog message format. Web/SSL (Web/SSL/TLS in the control console) Page Page Page Page Page Page WAP ISX Protocol (control console only) System Menu Page Option Settings User Manager Use this option to define access values shared by the control console and Web interface. Outlet User Manager Web i nter face. Control console. select Manage Outlet Users from the User Manager menu. RADIUS Configuring the Rack PDU. Configuring the RADIUS server. Page Identification Date & Time Set Manually. Synchronize with Network Time Protocol (NTP) Server . Too ls Use this option to perform the following actions. Links (Web interface) Modem (not supported) About System Page Boot Mode DHCP & BOOTP boot process DHCP Configuration Settings Switched Rack PDU settings Page DHCP response options Vendor Specific Information (opt ion 43). Page TCP/IP options. Miscellaneous options. Security Security Features Planning and implementing security features Summary of access methods Serial control console. Remote control console. SNMP. File transfer protocols. Web S erve r. RADIUS. Changing default user names and passwords immediately Port assignments User names, passwords, community names (SNMP) Authentication versus Encryption Page Encryption Secure SHell (SSH) and Secure CoPy (SCP) Page Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Page Creating and Installing Digital Certificates Purpose Choosing a method for your system Method 1: Use the auto-generated default certificate. Page Method 2: Use the APC Security Wizard to create a CA certificate and a server certificate. Page Page Page Page Using the APC Security Wizard Overview Authentication How certificates are used. How SSH host keys are used. Files you create for SSL and SSH security Page Create a Root Certificate & Server Certificates Create the CA root certificate. Load the CA root certificate to your browser . Create an SSL Server User Certificate. Load the server certificate to the Rack PDU. Create a Server Certificate and Signing Request Create the Certificate Signing Request (CSR). Page Import the signed certificate. Load the server certificate to the Rack PDU. Create an SSH Host Key Create the host key. Load the host key to the Rack PDU. APC Device IP Configuration Wizard Purpose and Requirements Purpose: configure basic TCP/IP settings System requirements Install the Wizard Use the Wizard Launch the Wizard Configure the basic TCP/IP settings remotely Prepare to configure the settings. Run the Wizard to perform the configuration. Configure or reconfigure the TCP/IP settings locally How to Export Configuration Settin gs Retrieving and Exporting the .ini File Summary of the procedure Contents of the .ini file Detailed procedures Retrieving. Customizing. Exporting the file to a single Rack PDU. Exporting the file to multiple Rack PDUs. The Upload Event and Error Messages The event and its error messages Messages in config.ini Errors generated by overridden values Using the APC Device IP Configuration Wizard File Transfers Upgrading Firmware: Methods and Tools Benefits of upgrading firmware Firmware files (Switched Rack PDU) Obtain the latest firmware version Automated upgrade tool for Microsoft Windows systems. Manual upgrades, primarily for Linux systems. Firmware file transfer methods Use FTP or SCP to upgrade one Rack PDU Instructions for using FTP . Instructions for using SCP . How to upgrade multiple Rack PDUs Export configuration settings. Use FTP or SCP to upgrade multiple Rack PDUs. Use XMODEM to upgrade one Rack PDU Page Verifying Upgrades and Updates Last Transfer Result codes Product Information Warranty and Service Limited warranty Warranty limitations Obtaining service Life-Support Policy General policy Examples of life-support devices Index A B C D E F G H I K L M N O P R S Page T U V W APC Worldwide Customer Support Copyright 990-1368D-001 04/2005