Apache SSL§ | Intel A31032-001 specs

C H A P T E R 3

Keys and Certificates

Apache SSL§

For key:

1.Look in $APACHESSLROOT/conf/httpd.conf for location of *.key file.

2.Copy and paste the key file.

For certificate:

1.Look in $APACHESSLROOT/conf/httpd.conf for location of *.cert file.

2.Copy and paste the certificate file.

3-11

Image 33

Intel A31032-001 manual Apache SSL§

Contents

Version Intel NetStructure 7110/7115 e-Commerce Accelerator Trademarks Copyright Table of Contents Theory of Operation Scenarios Remote Management Alarms and Monitoring Troubleshooting Appendix a Front Panel List of Figures Xii About this User Guide Introduction Remote Management New in This Release Before You Begin Who Should Use this Book How to Use this Book Glossary defines terms appearing in this User Guide Page Installation and Initial Configuration Rack Installation Installing the 7110/7115 Free- Standing or in a Rack Network Connections Free-Standing Installation Status Check Admin Terminal ConnectionNetwork and Server LEDs Inline LED HyperTerminal§ Paste Operations Troubleshooting Continuing ConfigurationServer and Network LEDs Theory of Operation SecuritySingle Server Acceleration Multiple Servers 7110/7115 in Single Server Configuration Positioning 7110/7115 between ITM Device and Client Network Working with Internet Traffic Management ITM Devices Positioning 7110/7115 between ITM Device and Server Scalability and CascadingSpilling and Throttling Availability Keys and Certificates Cutting and Pasting with HyperTerminal§ Create a key Type the create key command at the prompt ProcedureCreate a Certificate Signing Request Intel 7115 create sign Certificate REQUEST----- lines Intel 7115 export sign mywebserverAsciix Enter Enter Typically, the CSR will look something like this Save the configuration when the server has been mapped Exporting a Key/Certificate from a ServerApache Interface to Open SSL§ modssl Apache SSL§ Stronghold§ Importing into the 7110/7115Intel 7115 import key mywebserver Save the configuration when the server has been mapped Creating a new Key/Certificate on the 7110/7115 Enter the create cert command with the keyIDCreate a key as follows Intel 7115 create cert mywebserver Overview Global Site Certificates Global Site Certificate Paste Procedure ExampleIntel 7115 import cert keyID Intel 7115 set redirect A P T E R Redirection Clients and Unsupported Ciphers To disable a redirect URL for a mapping Client AuthenticationIntel 7115 show redirect Intel 7115 set redirect 2 none Intel 7115 show redirect Intel 7115 import clientca Next, import the client CA certificate for Map ID Creating a Client CA Certificate using OpenSSL§ Generate the client CA certificateGenerate a certificate signing request SSL Processing MappingAutomapping Automapping with multiple port combinations Automapping with user-specified key and certificateDeleting automapping entries Manual mapping Combining automapping and manual mapping Use the show block command to verify Subnet IP, Specific Port All IPs, Specific PortUse show block to verify Use the show block command to confirm the block Delete a BlockIntel 7115 delete block Failure Conditions, Fail-safe, and Fail-through Scenarios Syntax Procedure for Scenario Manual ConfigurationScenario 1-Single Server Intel 7115delete map 1 Intel 7115list maps Scenario 2-Multiple Servers This scenario shows how to configure two or more servers ID KeyID Assumptions Scenario 3-Multiple 7110/ 7115s, Cascaded Multiple Cascaded 7110/7115s Intel 7115 export config Save the configuration Intel 7115 import configAfter verification y or refusal n, the prompt reappears Intel 7115set egressmac none To reverse this process Online Help Command Reference User Authentication Command Line InterfaceCommand Line Prompt Abbreviation to Uniqueness A P T E R Command Line Interface Input Editing Commands Command HistoryMoving the Insertion Point Cut and Paste Command Summary Command Command Options Import Nic Password RebootInline List Command Command Options Set Command Command Options Show Showsnmp SetsnmpStatus Ttychar Command Reference Help CommandsStatus Command Command Description Create key SSL CommandsDelete key Import key Command Description Export key Show keyList keys Delete cert Command Description Create certImport cert Export cert Display the expanded certificate including PEM format Command Description Show certDisplays all certificates Set ciphers Command Description Set redirect Show redirectShow clientca Command Description Import clientca Delete clientcaCreate sign Command Description Delete sign Export signShow sign keyID Issuer e-mail address. You can change all, some or none Command Description Set defcertDisplay the default certificate creation information Field Show kstrength Command Description Set kstrengthSet clienttmo Show clienttmo Displays the currently specified server timeout value Command Description Set servertmoClient request is rejected Show servertmo Command Definition Create block Port Mapping CommandsDelete block Show block Command Definition Create permit Delete permitShow permit Delete map mapID Command Definition Create mapShow map List maps Operational Commands Command Description BypassInline Show spill Command Description Set spill Remote Management Commands Command Description Set ipMaxremotesessions Command Description Set telnet Show telnetSet telnetport Set ssh Command Description Show telnetportShow ssh Set sshport Command Description Setsnmp snmp Showsnmp snmpSetsnmp snmpinfo CommandDescription SnmpcommunityDelete Snmp community strings Command Description Setsnmp trapauthen TrapcommunityList trapcommunity Intel 7115 delete trapcommunity Delete trapcommunity Delete Snmp trap community strings Command Description Set alarms Alarms and Monitoring CommandsShow alarms Set rscwindow Command Description Show rscwindow Set utlwindowSet utlhighwater Show utlwindow Command Description Set utllowwaterShow utlhighwater Show utllowwater Intel 7115 show ovlwindow CommandDescription Show ovlwindow Configuration Commands Command Description Show configDisplay current volatile configuration settings Intel 7115 show config default Default configuration Config reset Command Description Config compareConfig default Config save Configuration specifics are displayed Command Description Export configImport config Import a configuration file paste, xmodem, uudecode Command Description Import upgrade Import patchList system Returns to factory configuration settings Command Description Factorydefault Command Description Password Administration CommandsShow info Set date Set ether Command Description Set egressmacShow ether Set idleto Nic Command Description Set moreSet prompt Set serial Command Description Show serial Logging CommandsCommand Description Exit Delete saved log/trace files from /flash/logs Command Description Delete logAll deletes all logs List logs Overview Remote Management Limitations Remote Management CLI Commands A P T E R Overview Local Serial Console Remote Telnet Sessions Changing the Telnet Port Remote Console, TelnetTo display the Telnet port Unix-prompttelnet Enable remote SSh sessions To verify Telnet disableRemote SSh Sessions Disabling Telnet Passwordpassword Unix-promptssh -1 adminRemote Console, SSh Changing the SSh Port Intel 7115 set ssh disable To verify SSh disableDisabling SSh To display the SSh port Intel MIB Tree Standards Compliance Supported MIBs Where to find MIB FilesManagement Information Base-II MIB-II Intel Enterprise MIBs Ceo-header.my Following is a summary of the 7110/7115 private MIB Enterprise Private MIB SummaryPage Snmp ThrottlesPerSec Number of throttles per second Snmp Trap Summary Standard Snmp TrapsPrivate Traps in ssl-appliance-mib.my Intel 7115 setsnmp snmp enable Intel 7115 showsnmp snmp Intel 7115 setsnmp snmp disable Intel 7115 showsnmp snmpEnabling Snmp Intel 7115 showsnmp snmpinfo Specifying Snmp Information Intel 7115 delete snmpcommunity Community String Trap Community String Use CLI commands, setsnmp trapcommunity, list Access Control Page Alarms Monitoring Set alarms All, esc, rsc, utl, ovl, nls None Show alarms CLI commands for alarm configuration are ESC Encryption Status Change Alarm Alarm TypesAlarm Modifiers and Messages For example To set Overload Alarm time window RSC Alarm CLI CommandsRSC Refused SSL Connections Extended Data To display Overload Alarm time window UTL Utilization Threshold AlarmThis alarm monitors three utilization threshold values Intel 7115 set rscwindow Intel 7115 show rscwindow To set Utilization Threshold Alarm time window UTL Alarm CLI commandsTo set Utilization Threshold Alarm high-water value To set Utilization Threshold Alarm low-water value OVL Alarm CLI Commands OVL Overload AlarmIntel 7115 set ovlwindow seconds Range Intel 7115 set ovlwindow Intel 7115 show ovlwindow NLS Network Link Status Alarm Alarm Logging Intel 7115 status Respend Inline Ip 10.1.11.34 netmask Intel 7115 status alarms Example, status alarms command Monitoring Report ConfigurationMonitoring Reports Monitor report format Intel 7115 set monitoringfields Monitoring Reports CLI Commands Intel 7115 show monitoringfields Intel 7115 set monitoring enable Intel 7115 show monitoringPage Software Updates Using Windows§ HyperTerminal§ Press y for yes at the Continue with upgrade? promptIntel 7115 import upgrade Connect the serial cable to the 7110/7115 auxiliary console Command import patch Intel 7115import upgrade To send the uuencoded file use the ~ command Intel 7115import patch Page Troubleshooting Intel 7115 set clienttmo See Global Site Certificates Error message Intermediate Settings Error message ServerThen use the nic command to force Different media LEDs Front Panel Press to physically force bypass mode bypass 7110/7115 Buttons and SwitchesFront Panel LEDs Processing Overload See Appendix B, Failure Connectors Failure/Bypass Modes Enable 7110/7115 processing Bypass Button Fail-through Switch Security Level P E N D I X B Fail-through Switch Security Level Page Cipher Strength Supported Ciphers SSL Version Level RC2128 RC2 SSLv2RC4-64 SSLv2 RC464Page Taiwan Class a EMI Statement Regulatory Information FCC Part 15 Compliance Statement Vcci Statement CE Compliance Statement Canada Compliance Statement Industry Canada Vcci Class a Japan Australia Cispr 22 Statement Avertissement Warnung Advertencias Wichtige Sicherheitshinweise Wichtige Sicherheitshinweise Page END User Terms and Conditions of Sale and Software License Terms and Conditions and Software LicensePage P E N D I X E Page Year warranty Process of being installed Export Law Regulations Page Glossary Glossary-2 Glossary-3 Glossary-4 Worldwide Access to Technical Support Support ServicesNorth America only Japan only Support-2 Intel NetStructure 7110/7115 e-Commerce Accelerator User Support-4 Index D E Index-3 Index-4