Manuals / Intel / TV and Video / TV Mount

Intel A31032-001 manual Global Site Certificates, Overview

Models: A31032-001

1 196

Download 196 pages 18.6 Kb

Page 37

C H A P T E R 3

Keys and Certificates

4.Save the configuration when the server has been mapped.

Intel 7115> config save

Saving configuration to flash...

Configuration saved to flash Intel 7115>

Global Site Certificates

Overview

Four types of certificates are involved in the following discussion:

•Root Certificate. The certificate of a trusted CA such as VeriSign.

•Server Certificate. Loaded on the server. Can be either self- generated or received from a certificate authority such as VeriSign. Interacts with requesting browser’s root certificate to establish encryption level.

•Global Site Certificate. An extended server certificate. Allows 128-bit encryption for export-restricted browsers.

•Intermediate certificate authority (CA) Certificate. A certificate “signed,” that is, authenticated, by a recognized certificate authority such as VeriSign, and used to validate a global site certificate. Called an “intermediate CA certificate” in the following discussion.

Export versions of Internet Explorer§ and Netscape§ Communicator use 40-bit encryption to initiate connections to SSL servers. Upon receiving a client request, the server responds by sending a digital certificate. If this certificate is a conventional server certificate (that is, not a global site certificate), browser and server complete the SSL handshake and use a 40-bit key to encrypt application data. If the server responds to a requesting browser with a global site certificate, the client automatically renegotiates the connection to use 128-bit encryption.

3-15

Image 37

Intel A31032-001 manual Global Site Certificates, Overview

Contents

Version Intel NetStructure 7110/7115 e-Commerce AcceleratorTrademarks CopyrightTable of Contents Theory of Operation Scenarios Remote Management Alarms and Monitoring Troubleshooting Appendix a Front Panel List of Figures Xii About this User Guide IntroductionRemote Management New in This ReleaseBefore You Begin Who Should Use this BookHow to Use this Book Glossary defines terms appearing in this User Guide Page Installation and Initial Configuration Rack Installation Installing the 7110/7115 Free- Standing or in a RackNetwork Connections Free-Standing InstallationStatus Check Admin Terminal ConnectionNetwork and Server LEDs Inline LEDHyperTerminal§ Paste Operations Continuing Configuration TroubleshootingServer and Network LEDs Security Theory of OperationSingle Server Acceleration Multiple Servers 7110/7115 in Single Server ConfigurationPositioning 7110/7115 between ITM Device and Client Network Working with Internet Traffic Management ITM DevicesScalability and Cascading Positioning 7110/7115 between ITM Device and ServerSpilling and Throttling Availability Keys and CertificatesCutting and Pasting with HyperTerminal§ Create a key Type the create key command at the prompt ProcedureCreate a Certificate Signing Request Intel 7115 create signIntel 7115 export sign mywebserver Certificate REQUEST----- linesAsciix Enter Enter Typically, the CSR will look something like thisExporting a Key/Certificate from a Server Save the configuration when the server has been mappedApache Interface to Open SSL§ modssl Apache SSL§ Importing into the 7110/7115 Stronghold§Intel 7115 import key mywebserver Save the configuration when the server has been mapped Creating a new Key/Certificate on the 7110/7115 Enter the create cert command with the keyIDCreate a key as follows Intel 7115 create cert mywebserverOverview Global Site CertificatesExample Global Site Certificate Paste ProcedureIntel 7115 import cert keyID Intel 7115 set redirect A P T E R Redirection Clients and Unsupported CiphersTo disable a redirect URL for a mapping Client AuthenticationIntel 7115 show redirect Intel 7115 set redirect 2 none Intel 7115 show redirectIntel 7115 import clientca Next, import the client CA certificate for Map IDGenerate the client CA certificate Creating a Client CA Certificate using OpenSSL§Generate a certificate signing request Mapping SSL ProcessingAutomapping Automapping with multiple port combinations Automapping with user-specified key and certificateDeleting automapping entries Manual mappingCombining automapping and manual mapping Use the show block command to verifyAll IPs, Specific Port Subnet IP, Specific PortUse show block to verify Delete a Block Use the show block command to confirm the blockIntel 7115 delete block Failure Conditions, Fail-safe, and Fail-through Scenarios Syntax Manual Configuration Procedure for ScenarioScenario 1-Single Server Intel 7115delete map 1 Intel 7115list maps Scenario 2-Multiple Servers This scenario shows how to configure two or more serversID KeyID Assumptions Scenario 3-Multiple 7110/ 7115s, CascadedMultiple Cascaded 7110/7115s Intel 7115 export configIntel 7115 import config Save the configurationAfter verification y or refusal n, the prompt reappears Intel 7115set egressmac none To reverse this processOnline Help Command ReferenceUser Authentication Command Line InterfaceCommand Line Prompt Abbreviation to UniquenessA P T E R Command Line Interface Command History Input Editing CommandsMoving the Insertion Point Cut and Paste Command Summary Nic Password Reboot Command Command Options ImportInline List Command Command Options Set Command Command Options Show Showsnmp SetsnmpStatus TtycharHelp Commands Command ReferenceStatus Command Command Description Create key SSL CommandsDelete key Import keyShow key Command Description Export keyList keys Delete cert Command Description Create certImport cert Export certDisplay the expanded certificate including PEM format Command Description Show certDisplays all certificates Set ciphersShow redirect Command Description Set redirectShow clientca Delete clientca Command Description Import clientcaCreate sign Export sign Command Description Delete signShow sign keyID Issuer e-mail address. You can change all, some or none Command Description Set defcertDisplay the default certificate creation information FieldShow kstrength Command Description Set kstrengthSet clienttmo Show clienttmoDisplays the currently specified server timeout value Command Description Set servertmoClient request is rejected Show servertmoCommand Definition Create block Port Mapping CommandsDelete block Show blockDelete permit Command Definition Create permitShow permit Delete map mapID Command Definition Create mapShow map List mapsCommand Description Bypass Operational CommandsInline Show spill Command Description Set spillCommand Description Set ip Remote Management CommandsMaxremotesessions Show telnet Command Description Set telnetSet telnetport Set ssh Command Description Show telnetportShow ssh Set sshportShowsnmp snmp Command Description Setsnmp snmpSetsnmp snmpinfo Snmpcommunity CommandDescriptionDelete Snmp community strings Trapcommunity Command Description Setsnmp trapauthenList trapcommunity Intel 7115 delete trapcommunity Delete trapcommunity Delete Snmp trap community stringsCommand Description Set alarms Alarms and Monitoring CommandsShow alarms Set rscwindowSet utlwindow Command Description Show rscwindowSet utlhighwater Show utlwindow Command Description Set utllowwaterShow utlhighwater Show utllowwaterIntel 7115 show ovlwindow CommandDescription Show ovlwindowCommand Description Show config Configuration CommandsDisplay current volatile configuration settings Intel 7115 show config default Default configuration Config reset Command Description Config compareConfig default Config saveConfiguration specifics are displayed Command Description Export configImport config Import a configuration file paste, xmodem, uudecodeImport patch Command Description Import upgradeList system Returns to factory configuration settings Command Description FactorydefaultCommand Description Password Administration CommandsShow info Set dateSet ether Command Description Set egressmacShow ether Set idletoNic Command Description Set moreSet prompt Set serialCommand Description Show serial Logging CommandsCommand Description ExitDelete saved log/trace files from /flash/logs Command Description Delete logAll deletes all logs List logsOverview Remote ManagementLimitations Remote Management CLI CommandsA P T E R Overview Local Serial Console Remote Telnet SessionsChanging the Telnet Port Remote Console, TelnetTo display the Telnet port Unix-prompttelnetEnable remote SSh sessions To verify Telnet disableRemote SSh Sessions Disabling TelnetPasswordpassword Unix-promptssh -1 adminRemote Console, SSh Changing the SSh PortIntel 7115 set ssh disable To verify SSh disableDisabling SSh To display the SSh portIntel MIB Tree Standards ComplianceSupported MIBs Where to find MIB FilesManagement Information Base-II MIB-II Intel Enterprise MIBs Ceo-header.myFollowing is a summary of the 7110/7115 private MIB Enterprise Private MIB SummaryPage Snmp ThrottlesPerSec Number of throttles per second Snmp Standard Snmp Traps Trap SummaryPrivate Traps in ssl-appliance-mib.my Intel 7115 setsnmp snmp disable Intel 7115 showsnmp snmp Intel 7115 setsnmp snmp enable Intel 7115 showsnmp snmpEnabling Snmp Intel 7115 showsnmp snmpinfo Specifying Snmp InformationIntel 7115 delete snmpcommunity Community StringTrap Community String Use CLI commands, setsnmp trapcommunity, listAccess Control Page Alarms Monitoring Set alarms All, esc, rsc, utl, ovl, nls None Show alarms CLI commands for alarm configuration areESC Encryption Status Change Alarm Alarm TypesAlarm Modifiers and Messages For exampleTo set Overload Alarm time window RSC Alarm CLI CommandsRSC Refused SSL Connections Extended DataTo display Overload Alarm time window UTL Utilization Threshold AlarmThis alarm monitors three utilization threshold values Intel 7115 set rscwindow Intel 7115 show rscwindowTo set Utilization Threshold Alarm time window UTL Alarm CLI commandsTo set Utilization Threshold Alarm high-water value To set Utilization Threshold Alarm low-water valueOVL Alarm CLI Commands OVL Overload AlarmIntel 7115 set ovlwindow seconds Range Intel 7115 set ovlwindow Intel 7115 show ovlwindowNLS Network Link Status Alarm Alarm LoggingIntel 7115 status Respend Inline Ip 10.1.11.34 netmask Intel 7115 status alarms Example, status alarms commandMonitoring Report ConfigurationMonitoring Reports Monitor report formatIntel 7115 set monitoringfields Monitoring Reports CLI CommandsIntel 7115 show monitoringfields Intel 7115 set monitoring enable Intel 7115 show monitoringPage Software Updates Press y for yes at the Continue with upgrade? prompt Using Windows§ HyperTerminal§Intel 7115 import upgrade Connect the serial cable to the 7110/7115 auxiliary console Command import patchIntel 7115import upgrade To send the uuencoded file use the ~ commandIntel 7115import patch Page Troubleshooting Intel 7115 set clienttmo See Global Site Certificates Error message IntermediateSettings Error message ServerThen use the nic command to force Different mediaLEDs Front PanelPress to physically force bypass mode bypass 7110/7115 Buttons and SwitchesFront Panel LEDs ProcessingOverload See Appendix B, FailureConnectors Failure/Bypass Modes Enable 7110/7115 processingBypass Button Fail-through Switch Security LevelP E N D I X B Fail-through Switch Security Level Page Cipher Strength Supported CiphersSSL Version Level RC2128 RC2 SSLv2RC4-64 SSLv2 RC464Page Taiwan Class a EMI Statement Regulatory InformationFCC Part 15 Compliance Statement Vcci StatementCE Compliance Statement Canada Compliance Statement Industry CanadaVcci Class a Japan Australia Cispr 22 StatementAvertissement Warnung Advertencias Wichtige Sicherheitshinweise Wichtige Sicherheitshinweise Page END User Terms and Conditions of Sale and Software License Terms and Conditions and Software LicensePage P E N D I X E Page Year warranty Process of being installed Export Law Regulations Page Glossary Glossary-2 Glossary-3 Glossary-4 Worldwide Access to Technical Support Support ServicesNorth America only Japan onlySupport-2 Intel NetStructure 7110/7115 e-Commerce Accelerator User Support-4 Index D E Index-3 Index-4