Manuals / Brands / TV and Video / TV Mount / Intel / TV and Video / TV Mount

Intel A31032-001 Obtaining a Certificate from VeriSign or Other Certificate Authority

1 196

Download 196 pages, 1.27 Mb

C H A P T E R 3 Keys and Certificates

3-7

Obtaining a Certificate from VeriSign§ or Other Certificate Authority

Use the create key command to create your key and the create sign

command to create a signing request to be sent to VeriSign or other

certificate authority for authentication. The certificate authority will

return it in approximately one to five days. After you have received

the certificate, use the import cert command to import it into the

7110/7115.

The fields input to create a signing request are called collectively a

Distinguished Name (DN). For optimal security, one or more fields

must be modified to make the DN unique.

Procedure

Create a key:

1. Type the create key command at the prompt:

Intel 7115> create key

Key strength (512/1024) [512]:

New keyID [001]: 002

Keypair was created for keyID: 002

2. Create a Certificate Signing Request:

Intel 7115> create sign 002

You are about to be asked to enter information

that will be incorporated into your

certificate request. The "common name" must be

unique. For other fields, you could use

default values.

Certifying authorities have specific guidelines on how to answer each

of the questions. These guidelines may vary by certifying authority.

Please refer to the guidelines of the certifying authority to whom you

submit your Certificate Signing Request (CSR). Please keep the

following in mind when entering the information that will be

incorporated into your certificate request:

•Country code: This is the two-letter ISO abbreviation for your

country (for example, US for the United States).

•State or Province: This is the name of the state or province

where your organization’s head office is lo cated. Pl ease ent er the

full name of the state or province. Do not abbreviate.

Contents

Main Copyright Trademarks Table of Contents Chapter 3: Theory of Operation Chapter 4: Scenarios Chapter 5: Command Reference Chapter 6: Remote Management Chapter 7: Alarms and Monitoring Chapter 8: Software Updates Page List of Figures Page Introduction About this User Guide New in This Release Who Should Use this Book Before You Begin How to Use this Book Page Page Installation and Initial Configuration Before You Begin Installing the 7110/7115 Free- Standing or in a Rack Rack Installation Free-Standing Installation Network Connections Status Check Network and Server LEDs Inline LED Admin Terminal Connection HyperTerminal Paste Operations Troubleshooting Server and Network LEDs Inline LED Continuing Configuration Theory of Operation Multiple Servers Working with Internet Traffic Management (ITM) Devices Positioning 7110/7115 between ITM Device and Client Network Positioning 7110/7115 between ITM Device and Server Multiple 7110/7115s and Cascading Processing Scalability and Cascading Spilling and Throttling Availability Keys and Certificates Cutting and Pasting with HyperTerminal Obtaining a Certificate from VeriSign or Other Certificate Authority Procedure Page C H A P T E R 3 Keys and Certificates Typically, the CSR will look something like this: Exporting a Key/Certificate from a Server Apache Interface to Open SSL (mod_ssl) Apache SSL Stronghold Importing into the 7110/7115 Page Creating a new Key/Certificate on the 7110/7115 Procedure Global Site Certificates Overview Global Site Certificate Paste Procedure Redirection: Clients and Unsupported Ciphers Client Authentication Page Creating a Client CA Certificate using OpenSSL SSL Processing Mapping Automapping Automapping with user-specified key and certificate Automapping with multiple port combinations Deleting automapping entries Manual mapping Combining automapping and manual mapping Blocking Specific IP, Specific Port Subnet IP, Specific Port All IPs, Specific Port Delete a Block Page Scenarios Syntax Scenario 1Single Server Procedure for Scenario 1 Automapping Manual Configuration Page Scenario 2Multiple Servers Procedure for Scenario 2 Page Scenario 3Multiple 7110/ 7115s, Cascaded Assumptions Procedure for Scenario 3 Page Scenario 4Different Ingress and Egress Routers Procedure for Scenario 4 Command Reference Online Help Command Line Interface User Authentication Command Line Prompt Abbreviation to Uniqueness Page Input Editing Commands Moving the Insertion Point Command History Cut and Paste Command Summary Page Page Page Page Command Reference Help Commands Status Command SSL Commands Page Page Page Page Page Page Page Page Page Port Mapping Commands Page Page Operational Commands Page Remote Management Commands Page Page Page Page Page Page Alarms and Monitoring Commands Page Page Page Configuration Commands C H A P T E R 5 Command Reference Command Description Page Page Page Page Administration Commands Page Page Logging Commands Page Remote Management Overview Limitations Remote Management CLI Commands Page Remote Telnet Sessions Local Serial Console Remote Console, Telnet Changing the Telnet Port Disabling Telnet Remote SSh Sessions Local Serial Console Remote Console, SSh Changing the SSh Port Disabling SSh SNMP Standards Compliance Intel MIB Tree Supported MIBs Where to find MIB Files Enterprise Private MIB Summary Following is a summary of the 7110/7115 private MIB: Page Page Page Page Trap Summary Standard SNMP Traps Private Traps in ssl-appliance-mib.my Enabling SNMP. SNMP: disable SNMP: enable Specifying SNMP Information Community String 6-20 Trap Community String Access Control Page Alarms and Monitoring Overview Page Alarm Types ESC: Encryption Status Change Alarm Alarm Modifiers and Messages: RSC: Refused SSL Connections Alarm Modifiers and Messages Extended Data RSC Alarm CLI Commands UTL: Utilization Threshold Alarm Alarm Modifiers and Messages Extended Data UTL Alarm CLI commands To set Utilization Threshold Alarm time window: To set Utilization Threshold Alarm high-water value: To set Utilization Threshold Alarm low-water value: OVL: Overload Alarm Alarm Modifiers and Messages: Extended Data: OVL Alarm CLI Commands: NLS: Network Link Status Alarm Alarm Logging Page Page C H A P T E R 7 Alarm Logging Example, status alarms command: Monitoring Monitoring Reports Report Configuration Monitoring Reports CLI Commands Below are the CLI commands for console monitoring, with defaults and ranges where applicable: Page Page Software Updates Using Windows HyperTerminal Using Unix cu and uuencoded image file Page Page Page Troubleshooting Page Page Page Front Panel Buttons and Switches Front Panel LEDs (See Appendix B, Failure/ Bypass Modes) Connectors Failure/Bypass Modes Bypass Button Fail-through Switch (Security Level) Page Page Supported Ciphers Cipher Strength SSL Version Level Page Page Page VCCI Statement FCC Part 15 Compliance Statement CAUTION: Canada Compliance Statement (Industry Canada) CE Compliance Statement CISPR 22 Statement AVERTISSEMENT WARNUNG AVVERTENZA ADVERTENCIAS Wichtige Sicherheitshinweise Page Page T erms and Conditions and Software License E-2 E-3 E-4 E-5 E-6 E-7 E-8 Glossary Page Page Page Support Services Page Page Page Index