Manuals / Intel / TV and Video / TV Mount

Intel A31032-001 manual Creating a new Key/Certificate on the 7110/7115, Create a key as follows

Models: A31032-001

1 196

Download 196 pages 18.6 Kb

Page 36

C H A P T E R 3 Intel® NetStructure™ 7110/7115 e-Commerce Accelerator User Guide

Creating a new Key/Certificate on the 7110/7115

Use the create key and create cert commands to create new keys and certificates for 7110/7115 operation. This procedure can be used when there are no existing keys and certificates on the server. The advantage is that this method is very fast, but a certificate authority has not signed the certificates.

The fields input to create a certificate are called a Distinguished Name (DN). For optimal security, one or more fields must be modified to make the DN unique.

Procedure

1.Create a key as follows:

Intel 7115> create key

Enter the key strength [512,1024]: 512

New keyID [001]: mywebserver

Keypair was created for keyID: mywebserver

2.Enter the create cert command with the keyID

Intel 7115> create cert mywebserver

You are about to be asked to enter information…

Enter the information for the certificate, as prompted:

•Country

•State

•Locality

•Organization

•Organization unit

•Common name (for example, www.myserver.com)

•E-mail address.

3.Create a server mapping. Use the create map command to specify the server IP address, ports, and keyID.

Intel 7115> create map

Server IP (0.0.0.0): 10.1.1.30

SSL (network) port [443]: <Enter>

Cleartext (server) port [80]: <Enter>

KeyID to use for mapping: mywebserver

3-14

Image 36

Intel A31032-001 manual Creating a new Key/Certificate on the 7110/7115, Create a key as follows

Contents

Intel NetStructure 7110/7115 e-Commerce Accelerator Version Copyright Trademarks Table of Contents Theory of Operation Scenarios Remote Management Alarms and Monitoring Troubleshooting Appendix a Front Panel List of Figures Xii Introduction About this User Guide New in This Release Remote Management Who Should Use this Book Before You Begin How to Use this Book Glossary defines terms appearing in this User Guide Page Installation and Initial Configuration Installing the 7110/7115 Free- Standing or in a Rack Rack Installation Free-Standing Installation Network Connections Admin Terminal Connection Status CheckNetwork and Server LEDs Inline LED HyperTerminal§ Paste Operations Troubleshooting Continuing ConfigurationServer and Network LEDs Theory of Operation SecuritySingle Server Acceleration 7110/7115 in Single Server Configuration Multiple Servers Working with Internet Traffic Management ITM Devices Positioning 7110/7115 between ITM Device and Client Network Positioning 7110/7115 between ITM Device and Server Scalability and CascadingSpilling and Throttling Keys and Certificates Availability Cutting and Pasting with HyperTerminal§ Procedure Create a key Type the create key command at the promptCreate a Certificate Signing Request Intel 7115 create sign Certificate REQUEST----- lines Intel 7115 export sign mywebserverAsciix Enter Typically, the CSR will look something like this Enter Save the configuration when the server has been mapped Exporting a Key/Certificate from a ServerApache Interface to Open SSL§ modssl Apache SSL§ Stronghold§ Importing into the 7110/7115Intel 7115 import key mywebserver Save the configuration when the server has been mapped Enter the create cert command with the keyID Creating a new Key/Certificate on the 7110/7115Create a key as follows Intel 7115 create cert mywebserver Global Site Certificates Overview Global Site Certificate Paste Procedure ExampleIntel 7115 import cert keyID A P T E R Redirection Clients and Unsupported Ciphers Intel 7115 set redirect Client Authentication To disable a redirect URL for a mappingIntel 7115 show redirect Intel 7115 set redirect 2 none Intel 7115 show redirect Next, import the client CA certificate for Map ID Intel 7115 import clientca Creating a Client CA Certificate using OpenSSL§ Generate the client CA certificateGenerate a certificate signing request SSL Processing MappingAutomapping Automapping with user-specified key and certificate Automapping with multiple port combinationsDeleting automapping entries Manual mapping Use the show block command to verify Combining automapping and manual mapping Subnet IP, Specific Port All IPs, Specific PortUse show block to verify Use the show block command to confirm the block Delete a BlockIntel 7115 delete block Failure Conditions, Fail-safe, and Fail-through Scenarios Syntax Procedure for Scenario Manual ConfigurationScenario 1-Single Server Intel 7115delete map 1 Intel 7115list maps This scenario shows how to configure two or more servers Scenario 2-Multiple Servers ID KeyID Scenario 3-Multiple 7110/ 7115s, Cascaded Assumptions Intel 7115 export config Multiple Cascaded 7110/7115s Save the configuration Intel 7115 import configAfter verification y or refusal n, the prompt reappears To reverse this process Intel 7115set egressmac none Command Reference Online Help Command Line Interface User AuthenticationCommand Line Prompt Abbreviation to Uniqueness A P T E R Command Line Interface Input Editing Commands Command HistoryMoving the Insertion Point Cut and Paste Command Summary Command Command Options Import Nic Password RebootInline List Command Command Options Set Command Command Options Show Setsnmp ShowsnmpStatus Ttychar Command Reference Help CommandsStatus Command SSL Commands Command Description Create keyDelete key Import key Command Description Export key Show keyList keys Command Description Create cert Delete certImport cert Export cert Command Description Show cert Display the expanded certificate including PEM formatDisplays all certificates Set ciphers Command Description Set redirect Show redirectShow clientca Command Description Import clientca Delete clientcaCreate sign Command Description Delete sign Export signShow sign keyID Command Description Set defcert Issuer e-mail address. You can change all, some or noneDisplay the default certificate creation information Field Command Description Set kstrength Show kstrengthSet clienttmo Show clienttmo Command Description Set servertmo Displays the currently specified server timeout valueClient request is rejected Show servertmo Port Mapping Commands Command Definition Create blockDelete block Show block Command Definition Create permit Delete permitShow permit Command Definition Create map Delete map mapIDShow map List maps Operational Commands Command Description BypassInline Command Description Set spill Show spill Remote Management Commands Command Description Set ipMaxremotesessions Command Description Set telnet Show telnetSet telnetport Command Description Show telnetport Set sshShow ssh Set sshport Command Description Setsnmp snmp Showsnmp snmpSetsnmp snmpinfo CommandDescription SnmpcommunityDelete Snmp community strings Command Description Setsnmp trapauthen TrapcommunityList trapcommunity Delete trapcommunity Delete Snmp trap community strings Intel 7115 delete trapcommunity Alarms and Monitoring Commands Command Description Set alarmsShow alarms Set rscwindow Command Description Show rscwindow Set utlwindowSet utlhighwater Command Description Set utllowwater Show utlwindowShow utlhighwater Show utllowwater CommandDescription Show ovlwindow Intel 7115 show ovlwindow Configuration Commands Command Description Show configDisplay current volatile configuration settings Intel 7115 show config default Default configuration Command Description Config compare Config resetConfig default Config save Command Description Export config Configuration specifics are displayedImport config Import a configuration file paste, xmodem, uudecode Command Description Import upgrade Import patchList system Command Description Factorydefault Returns to factory configuration settings Administration Commands Command Description PasswordShow info Set date Command Description Set egressmac Set etherShow ether Set idleto Command Description Set more NicSet prompt Set serial Logging Commands Command Description Show serialCommand Description Exit Command Description Delete log Delete saved log/trace files from /flash/logsAll deletes all logs List logs Remote Management Overview Remote Management CLI Commands Limitations A P T E R Overview Remote Telnet Sessions Local Serial Console Remote Console, Telnet Changing the Telnet PortTo display the Telnet port Unix-prompttelnet To verify Telnet disable Enable remote SSh sessionsRemote SSh Sessions Disabling Telnet Unix-promptssh -1 admin PasswordpasswordRemote Console, SSh Changing the SSh Port To verify SSh disable Intel 7115 set ssh disableDisabling SSh To display the SSh port Standards Compliance Intel MIB Tree Where to find MIB Files Supported MIBsManagement Information Base-II MIB-II Intel Enterprise MIBs Ceo-header.my Enterprise Private MIB Summary Following is a summary of the 7110/7115 private MIBPage Snmp ThrottlesPerSec Number of throttles per second Snmp Trap Summary Standard Snmp TrapsPrivate Traps in ssl-appliance-mib.my Intel 7115 setsnmp snmp enable Intel 7115 showsnmp snmp Intel 7115 setsnmp snmp disable Intel 7115 showsnmp snmpEnabling Snmp Specifying Snmp Information Intel 7115 showsnmp snmpinfo Community String Intel 7115 delete snmpcommunity Use CLI commands, setsnmp trapcommunity, list Trap Community String Access Control Page Alarms Monitoring CLI commands for alarm configuration are Set alarms All, esc, rsc, utl, ovl, nls None Show alarms Alarm Types ESC Encryption Status Change AlarmAlarm Modifiers and Messages For example RSC Alarm CLI Commands To set Overload Alarm time windowRSC Refused SSL Connections Extended Data UTL Utilization Threshold Alarm To display Overload Alarm time windowThis alarm monitors three utilization threshold values Intel 7115 set rscwindow Intel 7115 show rscwindow UTL Alarm CLI commands To set Utilization Threshold Alarm time windowTo set Utilization Threshold Alarm high-water value To set Utilization Threshold Alarm low-water value OVL Overload Alarm OVL Alarm CLI CommandsIntel 7115 set ovlwindow seconds Range Intel 7115 set ovlwindow Intel 7115 show ovlwindow Alarm Logging NLS Network Link Status Alarm Intel 7115 status Respend Inline Ip 10.1.11.34 netmask Example, status alarms command Intel 7115 status alarms Report Configuration MonitoringMonitoring Reports Monitor report format Monitoring Reports CLI Commands Intel 7115 set monitoringfields Intel 7115 set monitoring enable Intel 7115 show monitoring Intel 7115 show monitoringfieldsPage Software Updates Using Windows§ HyperTerminal§ Press y for yes at the Continue with upgrade? promptIntel 7115 import upgrade Command import patch Connect the serial cable to the 7110/7115 auxiliary console To send the uuencoded file use the ~ command Intel 7115import upgrade Intel 7115import patch Page Troubleshooting Intel 7115 set clienttmo Error message Intermediate See Global Site Certificates Error message Server SettingsThen use the nic command to force Different media Front Panel LEDs Buttons and Switches Press to physically force bypass mode bypass 7110/7115Front Panel LEDs Processing See Appendix B, Failure Overload Connectors Enable 7110/7115 processing Failure/Bypass Modes Fail-through Switch Security Level Bypass Button P E N D I X B Fail-through Switch Security Level Page Supported Ciphers Cipher Strength SSL Version Level RC2 SSLv2 RC2128RC4-64 SSLv2 RC464Page Regulatory Information Taiwan Class a EMI Statement Vcci Statement FCC Part 15 Compliance Statement Canada Compliance Statement Industry Canada CE Compliance Statement Cispr 22 Statement Vcci Class a Japan Australia Avertissement Warnung Advertencias Wichtige Sicherheitshinweise Wichtige Sicherheitshinweise Page Terms and Conditions and Software License END User Terms and Conditions of Sale and Software LicensePage P E N D I X E Page Year warranty Process of being installed Export Law Regulations Page Glossary Glossary-2 Glossary-3 Glossary-4 Support Services Worldwide Access to Technical SupportNorth America only Japan only Support-2 Intel NetStructure 7110/7115 e-Commerce Accelerator User Support-4 Index D E Index-3 Index-4