Manuals / Cisco Systems / Household Appliance / Home Security System

Cisco Systems OL-5742-01 manual 18-29, Restart the SGM client

Models: OL-5742-01

1 42

Download 42 pages 34.07 Kb

Page 29

Step 5 Restart the SGM client.

Chapter 18 Configuring SGM Security

Implementing SSL Support in SGM

•To use an existing signed key/certificate pair, log in as the root user on the SGM server and enter the following command:

#./sgm keytool import_key key_filename cert_filename

where key_filename is the name of the existing SSL key and cert_filename is the name of the existing signed certificate.

SGM stops the SGM server and imports the SSL key in OpenSSL format and the signed SSL certificate in X.509 format.

Step 3 Enable SSL support in SGM, by logging in as the root user on the SGM server and entering the sgm ssl enable command.

Step 4 Set up the SGM client-side SSL certificate trust relationship, by downloading and importing the self-signed or CA-signed certificate on every remote SGM client, Windows as well as Solaris, that connects to the SGM server.

a.(Self-signed certificate only) Download the self-signed certificate

(server.cer), using the procedure in the “Downloading the SGM Server’s Self-Signed SSL Certificate” section on page 18-30.

b.Import the self-signed or CA-signed certificate, using the procedure in the “Importing an SSL Certificate to an SGM Client” section on page 18-33.

Step 5 Restart the SGM client.

The SGM clients can now connect to the SGM server using SSL. All communication between the server and clients is encrypted.

If an SGM or GTT client that is not SSL-enabled attempts to connect to an SSL-enabled SGM server, SGM displays an appropriate warning message and opens the SGM client download page. The user can then download and install a new SGM client to use to connect to that SGM server.

If the client is SSL-enabled but does not have the correct certificate, SGM displays an appropriate warning message and opens the SGM Server SSL Certificate page. The user can then download the signed SSL certificate in X.509 format to the client.

		Cisco Signaling Gateway Manager User Guide
		Cisco Signaling Gateway Manager User Guide
	OL-5742-01			18-29
	OL-5742-01			18-29

Image 29

Cisco Systems OL-5742-01 manual 18-29, Restart the SGM client

Contents

Configuring SGM User-BasedAccess, page Configuring SGM User-BasedAccessCreating Secure Passwords, page 18-5 Required Implementing SSL Support in SGM, page18-2 Implementing SGM User-BasedAccess Solaris Only#cd /opt/CSCOsgm/bin #./sgm useraccess enable sgm adduser -sgm disableuser -sgm enableuser sgm disablepass -sgm passwordage -sgm userpasssgm updateuser #./sgm authtype local18-4 # ./sgm authtype solaris# ./sgm sgm adduser username 18-5 Creating Secure PasswordsPower User Level 2 Access, page Basic User Level 1 Access, pageNetwork Operator Level 3 Access, page Network Administrator Level 4 Access, page18-7 Basic User Level 1 Access18-8 Power User Level 2 AccessNetwork Operator Level 3 Access 18-9 Network Administrator Level 4 AccessSystem Administrator Level 5 Access System Messages and Logs 18-10# ./sgm badloginalarm clear # ./sgm badloginalarm number-of-attempts# ./sgm badlogindisable number-of-attempts # ./sgm badlogindisable clear# ./sgm inactiveuserdays number-of-days # ./sgm passwordage number-of-days# ./sgm inactiveuserdays clear 18-12#./sgm clitimeout number-of-minutes # ./sgm passwordage clear# ./sgm clitimeout clear 18-13# ./sgm deluser username # ./sgm disablepass username18-14 # cd /opt/CSCOsgm/bin18-15 # ./sgm disableuser username# ./sgm userpass username # ./sgm enableuser usernamepage 18-1618-17 # ./sgm updateuser username18-18 Displaying a Message of the Day# ./sgm newlevel username Field or Button Last UpdatedDescription Message of the DayDecline #cd /opt/CSCOsgm/bin #./sgm motd enable# ./sgm motd edit 18-20# ./sgm motd disable Manually Synchronizing Local SGM PasswordsListing All Currently Defined Users # ./sgm motd cat# ./sgm listusers username Disabled#cd /opt/CSCOsgm/bin #./sgm seclog 18-22Restoring Security-RelatedSGM Data #cd /opt/CSCOsgm/bin #./sgm restore security# ./sgm seclog clear 18-23#cd /opt/CSCOsgm/bin #./sgm useraccess disable Disabling SGM User-BasesAccessSpecifying a Super User Solaris Only # ./sgm restartsgm certtool -sgm clean -sgm cleanall sgm backup -sgm browserpath -sgm certguisgm cleandb -sgm cw2ksetup -sgm evilstop sgm reboot -sgm restore -sgm restorepropssgm webport -sgm xtermpath Implementing SSL Support in SGMEnabling SSL Support in SGM, page Launching the SGM Certificate Tool for SSL, pageExporting an SSL Certificate, page Enabling SSL Support in SGMManaging SSL Support in SGM, page Disabling SSL Support in SGM, page18-28 opt/CSCOsgm/etc/ssl/server.csr is a CSR# ./sgm keytool import cert cert filename Step 5 Restart the SGM client 18-29SGM displays the SGM Server Home page 18-3018-31 Launching the SGM Certificate Tool for SSL#cd /opt/CSCOsgm/bin #./sgm certgui Issued by Issued toExpiration Date ImportDetails Importing an SSL Certificate to an SGM ClientExit HelpExporting an SSL Certificate CancelLook In File Name18-35 Save InField or Button Description18-36 SaveCancel Field or ButtonChapter 18 Configuring SGM Security 18-37Cisco Signaling Gateway Manager User Guide Figure 18-5Certificate Information DialogSubject IssuerVersion Serial number18-39 Managing SSL Support in SGMDisabling SSL Support in SGM # cd /opt/CSCOsgm/bin 18-40Step 2 Enter the following command 18-41 #./sgm ipaccess add#./sgm ipaccess edit Any changes you make to the ipaccess.conf file take effect when you restart the SGM server 18-42