Manuals / Cisco Systems / Household Appliance / Home Security System

Cisco Systems OL-5742-01 manual opt/CSCOsgm/etc/ssl/server.csr is a CSR, 18-28

Models: OL-5742-01

1 42

Download 42 pages 34.07 Kb

Page 28

–/opt/CSCOsgm/etc/ssl/server.csr is a CSR.

Chapter 18 Configuring SGM Security

Implementing SSL Support in SGM

SGM generates the following files:

–/opt/CSCOsgm/etc/ssl/server.key is the SGM server’s private key. Ensure that unauthorized personnel cannot access this key.

–/opt/CSCOsgm/etc/ssl/server.cer is the self-signed SSL certificate.

–/opt/CSCOsgm/etc/ssl/server.csr is a certificate signing request (CSR). It is not used if you are using a self-signed SSL certificate.

•To install a new SSL key and a CA-signed certificate, generate the key and a CSR by logging in as the root user on the SGM server and entering the sgm keytool genkey command.

SGM stops the SGM server and issues the following prompts:

Country Name (2 letter code) []:

State or Province Name (full name) []:

Locality Name (eg, city) []:

Organization Name (eg, company) []:

Organizational Unit Name (eg, section) []:

Common Name (your hostname) []:

Email Address []:

Enter the requested information.

SGM generates the following files:

–/opt/CSCOsgm/etc/ssl/server.key is the SGM server’s private key. Ensure that unauthorized personnel cannot access this key.

–/opt/CSCOsgm/etc/ssl/server.csr is a CSR.

–/opt/CSCOsgm/etc/ssl/server.cer is the self-signed SSL certificate. It is not used if you are using a CA-signed SSL certificate; the CA-signed certificate overrides the self-signed certificate.

Print the CSR in X.509 server and entering the

format, by logging in as the root user on the SGM sgm keytool print_csr command.

Send the CSR to a certificate authority (CA) to be signed.

After the CA signs the certificate, log in as the root user on the SGM server and enter the following command:

# ./sgm keytool import_cert cert_filename

where cert_filename is the name of the signed certificate.

SGM stops the SGM server and imports the certificate in X.509 format.

	Cisco Signaling Gateway Manager User Guide
18-28	OL-5742-01

Image 28

Cisco Systems OL-5742-01 manual opt/CSCOsgm/etc/ssl/server.csr is a CSR, # ./sgm keytool import cert cert filename, 18-28

Contents

Configuring SGM User-BasedAccess Configuring SGM User-BasedAccess, pageCreating Secure Passwords, page 18-5 Required Implementing SSL Support in SGM, page#cd /opt/CSCOsgm/bin #./sgm useraccess enable Implementing SGM User-BasedAccess Solaris Only18-2 sgm disablepass -sgm passwordage -sgm userpass sgm adduser -sgm disableuser -sgm enableusersgm updateuser #./sgm authtype local# ./sgm sgm adduser username # ./sgm authtype solaris18-4 Creating Secure Passwords 18-5Basic User Level 1 Access, page Power User Level 2 Access, pageNetwork Operator Level 3 Access, page Network Administrator Level 4 Access, pageBasic User Level 1 Access 18-7Network Operator Level 3 Access Power User Level 2 Access18-8 System Administrator Level 5 Access Network Administrator Level 4 Access18-9 18-10 System Messages and Logs# ./sgm badloginalarm number-of-attempts # ./sgm badloginalarm clear# ./sgm badlogindisable number-of-attempts # ./sgm badlogindisable clear# ./sgm passwordage number-of-days # ./sgm inactiveuserdays number-of-days# ./sgm inactiveuserdays clear 18-12# ./sgm passwordage clear #./sgm clitimeout number-of-minutes# ./sgm clitimeout clear 18-13# ./sgm disablepass username # ./sgm deluser username18-14 # cd /opt/CSCOsgm/bin# ./sgm disableuser username 18-15# ./sgm enableuser username # ./sgm userpass usernamepage 18-16# ./sgm updateuser username 18-17# ./sgm newlevel username Displaying a Message of the Day18-18 Last Updated Field or ButtonDescription Message of the Day#cd /opt/CSCOsgm/bin #./sgm motd enable Decline# ./sgm motd edit 18-20Manually Synchronizing Local SGM Passwords # ./sgm motd disableListing All Currently Defined Users # ./sgm motd catDisabled # ./sgm listusers username#cd /opt/CSCOsgm/bin #./sgm seclog 18-22#cd /opt/CSCOsgm/bin #./sgm restore security Restoring Security-RelatedSGM Data# ./sgm seclog clear 18-23Disabling SGM User-BasesAccess #cd /opt/CSCOsgm/bin #./sgm useraccess disableSpecifying a Super User Solaris Only # ./sgm restartsgm backup -sgm browserpath -sgm certgui sgm certtool -sgm clean -sgm cleanallsgm cleandb -sgm cw2ksetup -sgm evilstop sgm reboot -sgm restore -sgm restorepropsImplementing SSL Support in SGM sgm webport -sgm xtermpathEnabling SSL Support in SGM, page Launching the SGM Certificate Tool for SSL, pageEnabling SSL Support in SGM Exporting an SSL Certificate, pageManaging SSL Support in SGM, page Disabling SSL Support in SGM, page# ./sgm keytool import cert cert filename opt/CSCOsgm/etc/ssl/server.csr is a CSR18-28 18-29 Step 5 Restart the SGM client18-30 SGM displays the SGM Server Home page#cd /opt/CSCOsgm/bin #./sgm certgui Launching the SGM Certificate Tool for SSL18-31 Issued to Issued byExpiration Date ImportImporting an SSL Certificate to an SGM Client DetailsExit HelpCancel Exporting an SSL CertificateLook In File NameSave In 18-35Field or Button DescriptionSave 18-36Cancel Field or Button18-37 Chapter 18 Configuring SGM SecurityCisco Signaling Gateway Manager User Guide Figure 18-5Certificate Information DialogIssuer SubjectVersion Serial numberDisabling SSL Support in SGM Managing SSL Support in SGM18-39 Step 2 Enter the following command 18-40# cd /opt/CSCOsgm/bin #./sgm ipaccess edit #./sgm ipaccess add18-41 18-42 Any changes you make to the ipaccess.conf file take effect when you restart the SGM server