DGS-3024 Gigabit Ethernet Switch Manual

3.Hash Algorithm: This part of the ciphersuite allows the user to choose a message digest function which will determine a Message Authentication Code. This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks. The Switch supports two hash algorithms, MD5 (Message Digest 5) and SHA (Secure Hash Algorithm).

These three parameters are uniquely assembled in four choices on the Switch to create a three-layered encryption code for secure communication between the server and the host. The user may implement any one or combination of the ciphersuites available, yet different ciphersuites will affect the security level and the performance of the secured connection. The information included in the ciphersuites is not included with the Switch and requires downloading from a third source in a file form called a certificate. This function of the Switch cannot be executed without the presence and implementation of the certificate file and can be downloaded to the Switch by utilizing a TFTP server. The Switch supports SSLv3. Other versions of SSL may not be compatible with this Switch and may cause problems upon authentication and transfer of messages from client to host.

Download Certificate

This window is used to download a certificate file for the SSL function on the Switch from a TFTP server. The certificate file is a data record used for authenticating devices on the network. It contains information on the owner, keys for authentication and digital signatures. Both the server and the client must have consistent certificate files for optimal use of the SSL function. The Switch only supports certificate files with .der file extensions. Currently, all members of the xStack family come with a certificate pre-loaded though the user may need to download more, depending on user circumstances.

To view the following window, click Security > Secure Socket Layer (SSL) > Download Certificate:

Figure 8- 2. Download Certificate window

To download certificates, set the following parameters and click Apply.

Parameter

Description

 

 

 

Server IP

Enter the IP address of the TFTP server where the certificate files are located.

 

 

 

 

Certificate File Name

Enter the path and the filename of the certificate file to download. This file must have

 

 

a .der extension. (Ex. c:/cert.der)

 

 

 

 

Key File Name

Enter the path and the filename of the key file to download. This file must have a .der

 

 

extension (Ex. c:/pkey.der)

 

 

 

 

Click Apply to implement changes made.

Configuration

This window will allow the user to enable SSL on the Switch and implement any one or combination of listed ciphersuites on the Switch. A ciphersuite is a security string that determines the exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication session. The Switch possesses four possible ciphersuites for the

87

Page 100 Page 102
Page 101
Image 101
D-Link DSL-G604T manual Download Certificate, Configuration
Page 100 Page 102
Top Page Image Contents