Cyclades AlterPath BladeManager - page 185

Installing SSL Certificates

AlterPath BladeManager Manual 5-23

Be sure to check a certificate very carefully before importing it as a trusted

certificate! View it first (using the -printcert subcommand, or the -import

subcommand without the -noprompt option), and make sure that the

displayed certificate fingerprint(s) match the expected ones.

For example, suppose someone sends or emails you a certificate, and you put

it in a file named /tmp/cert. Before you consider adding the certificate to your

list of trusted certificates, you can execute a -printcert subcommand to view

its fingerprints, as in:

keytool -printcert -file /tmp/cert

Owner: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll

Issuer: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll

Serial Number: 59092b34

Valid from: Thu JUL 01 18:01:13 PDT 2004

until: Wed SEP 08 17:01:13 PST 2004

Certificate Fingerprints:

MD5: 11:81:AD:92:C8:E5:0E:A2:01:2E:D4:7A:D7:5F:07:6F

SHA1: 20:B6:17:FA:EF:E5:55:8A:D0:71:1F:E8:D6:9D:C0:37:1

Then call or contact the person who sent the certificate, and compare the

fingerprint(s) that you see with the ones that they show. Only if the

fingerprints are equal is it guaranteed that the certificate has not been replaced

in transit with somebody else’s (for example, an attacker’s) certificate. If such

an attack took place, and you did not check the certificate before you imported

it, you would end up trusting anything the attacker has signed (for example, a

JAR file with malicious class files inside).

Note: it is not required that you execute a -printcert subcommand prior to

importing a certificate, since before adding a certificate to the list of trusted

certificates in the keystore, the -import subcommand prints out the certificate

information and prompts you to verify it.

You then have the option of aborting the import operation. Note, however, this

is only the case if you invoke the -import subcommand without the

-noprompt option. If the -noprompt option is given, then there is no interac-

tion with the user.

If you are satisfied that the certificate is valid, then you can add it to your key

store as follows:

keytool -import -alias tomcat -file jcertfile.cer

This creates a trusted certificate entry in the keystore, with the data from the

file jcertfile.cer, and assigns the alias tomcat to the entry.

Contents

Main Page Table of Contents Page Page Page Page Page Page Page Audience Before You Begin Document Organization Typographical Conventions Naming Conventions Command Line Syntax Page Page Chapter 1 Introduction Connectivity and Capacity Key Features Single Point Security Gateway Centralized Authentication Consolidated Views and Blade Access Simple and Easy Web User Interface One-Click Access to Blades and Switches Centralized Data Logging System Log File Compression and Rotation Prioritized Triggers & Alarms Other Alarm Features Blade Wizard Chassis, Blades, and User Group Management Backup, Restore, and Replicate User Data Page Page Page Product Installation Checklist Chapter 2 BladeManager Installation Rack Mounting Guidelines Page Page Page Page Page Page Page Page Major Components of the BladeManager Installation Safety Guidelines System Reliability Guidelines Static-Sensitive Devices Installation Procedures Installing DIMMs Page Installing a Hard Disk Drive Installing a Simple-Swap Serial ATA Hard Disk Drive Installing a SCSI Hard Drive Installing an Adapter Page Page Page Completing the Installation Connecting the Cables Updating the Server Configuration BladeManager Controls, LEDs, and Power Page Page BladeManager Power Features Switching On the Server Switching Off the BladeManager Pre-Configuration Requirements Configuring the COM Port Connection and Logging In Page User Interface Overview Chapter 3 BladeManager Web Access Using the Web Interface as a Regular User Page General Screen Features Sorting a List Form by Column/Field Name Search and Filter Functions Alarms Alarm Logs Responding to an alarm Alarm List Form Page Viewing the Alarm Detail Form The form brings up the Alarm Detail form. >> Viewing Alarm or Console Logs >> Assigning a Ticket to a User The system opens the Alarm Detail form. Blades >> Viewing the Blade List Page >> Connecting to a Blade Console Multiple Users and Read/Write Access Viewing a Blade or Switch Consoles Detail Form Page Page Consoles Groups Form Logs >> Viewing the Logs Access Logs Event Logs Data Buffer Users Profile Page Page The system displays the User Group form: >> Viewing the Security Form The system displays the Security tabbed form: Page Chapter 4 BladeManager Web Administration Operational Modes Configuration Process Flow AlterPath BladeManager Manual 4-3 Configuration Process Flow The entire configuration process through the web interface is as follows: First Time Configuration Wizard >> Running the First Time Configuration Wizard >> Resetting Configuration to Factory Settings First Time Configuration Wizard: An Example First Time Configuration Wizard AlterPath BladeManager Manual 4-7 Setting the Authentication Method Hostname Configuration Must Follow RFC Standard >> Connecting to the Web Interface Disabling HTTP to Use Only HTTPS BladeManager Web Interface: Admin Mode Forms Summary Page Page Page >> Logging Into the BladeManager Web Interface Parts of the Web Interface Page Sorting, Filtering, and Saving a List Form Using the Form Input Fields Verifying Error Messages Chassis Management Page Chassis > Devices List Form Adding or Editing a Chassis Page Page Page Using a DHCP Server and Selecting the Correct IP Mode Function of the Status Field >> Selecting the Group(s) to Access a Chassis Proxies Proxy Types Page >> Configuring the Proxy >> Verifying your Proxy Setting Disabling the Proxy Configuring Ports to be Proxied >> Configuring the Chassis Switch Page Two Methods of Blade Configuration >> Running the Blade Wizard Page Page Page Page Configuring Blades Manually through the Menu Consoles List Form >> Connecting to a Device >> Deleting a Device >> Deleting a Device from a Group Deleting a Device Group Alarm Trigger Alarm Trigger Management >> Viewing the Alarm Trigger List >> Creating an Alarm Trigger Page >> Deleting an Alarm Trigger Using the Logical AND in the Alarm Trigger Expression Blades / Switches Consoles List Form >> Viewing the Console List >> Adding a Serial Console Page Page Adding a Switch Console >> Selecting Users to Access the Console >> Selecting Users to be Notified >> Assigning the Console to a Group >> Deleting a Console from a Group Deleting a Console Group >> Connecting to a Console Log Rotation >> Initiating Log Rotation >> Setting Log Rotation in Auto Mode Users User List form >> Adding a User Page Page >> Selecting Consoles for a User >> Selecting User Group(s) for a User >> Deleting a User >> Deleting a User from a Group Deleting a User Group Setting the Local Password >> Setting Up Local Authentication >> Setting a Users Security Profile Groups >> Creating a Group Page >> Deleting a Group >> Assigning a Security Profile to a User Group Security Profiles Security Profile List >> Adding or Editing a Security Profile >> Security Profiles: Source IP Page >> Security Profiles: LAN ITF Page >> Security Profile: Date/Time >> Configuring Authorization Page >> Deleting a Security Profile Backing Up User Data Backup and Restore Scenarios System Recovery Guidelines BladeManager Database Transaction Support >> Responding to the Warning Message Changing the Default Configuration Info / Reporting Page Page Chapter 5 Advanced Configuration Working from a CLI >> Logging In Shell Commands Copying and Pasting Text within the Console Applet Window Connecting Directly to Ports Sample Command Line Interface ******************************************************* CLI Commands To exit from the CLI, press: <^> <shift>_ (i.e., <Ctrl> <Shift> <underscore>) Key(s) Command Key(s) Command Set Commands Page Page Page Changing the Escape Sequence Re-defining the Interrupt Key Changing the Number of Lines in the SSH Applet Changing the Session Timeout Enabling Telnet NIS Configuration User Authentication Active Directory Configuration Disabling HTTP to Use Only HTTPS Firmware Adding Firmware Upgrading the APBM Firmware Backing Up User Data Backup and Restore Scenarios Backup and Restore Commands Managing Log Files Where Log Files are Archived Backing Up Log Files to a Remote Server System Recovery Guidelines Changing the Database Configuration Restoring Your Configuration Installing SSL Certificates More About Importing Certificates Page Page Glossary Page Page Page Page Page Page Page Page Page Page Page Appendix A: BladeManager Hardware Specifications