Manuals / Intel / TV and Video / TV Mount

Intel A31032-001 Next, import the client CA certificate for Map ID, Intel 7115 import clientca

Models: A31032-001

1 196

Download 196 pages 18.6 Kb

Page 41

C H A P T E R 3

Client Authentication

Next, import the client CA certificate for Map ID 2.

Intel 7115> import client_ca 2

Import protocol: (paste, xmodem, uudecode)

[paste]: <Enter>

Type or paste in data, end with ... alone on line

-----BEGIN CERTIFICATE-----

MIIDxzCCAzCgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBpDEL

MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQ

BgNVBAcTCVNhbiBEaWVnbzEUMBIGA1UE

.

.

.

XcCabZcfBRuYcZeUoNrGUl8tD80jp2YNG1vidgLEaD1YCli5

I9/mNrcB25mSfdAR

/08ROTMxm4VKOSA=

-----END CERTIFICATE

-----<Enter>

...<Enter>

Verify the import by using the list map command again. Note that the Client Auth column now shows client authentication for Map ID 2 enabled.

Intel 7115> list map
Map			Net	Ser	Cipher	Re-	Client
ID KeyID Server IP Port Port					Suites	direct Auth
== ===== ========= ==== ====					======	=====	====
1	default	Any	443	80	all(v2+v3) n		n
2	sample	10.1.2.57 443		80	med(v2+v3) n		y

Clients connecting to “map 2” are required to present a client certificate signed by the CA whose certificate was imported above. If they do not present a properly signed certificate, their connection attempt is refused.

3-19

Image 41

Intel A31032-001 manual Next, import the client CA certificate for Map ID, Intel 7115 import clientca

Contents

Version Intel NetStructure 7110/7115 e-Commerce Accelerator Trademarks Copyright Table of Contents Theory of Operation Scenarios Remote Management Alarms and Monitoring Troubleshooting Appendix a Front Panel List of Figures Xii About this User Guide Introduction Remote Management New in This Release Before You Begin Who Should Use this Book How to Use this Book Glossary defines terms appearing in this User Guide Page Installation and Initial Configuration Rack Installation Installing the 7110/7115 Free- Standing or in a Rack Network Connections Free-Standing Installation Status Check Admin Terminal ConnectionNetwork and Server LEDs Inline LED HyperTerminal§ Paste Operations Server and Network LEDs TroubleshootingContinuing Configuration Single Server Acceleration Theory of OperationSecurity Multiple Servers 7110/7115 in Single Server Configuration Positioning 7110/7115 between ITM Device and Client Network Working with Internet Traffic Management ITM Devices Spilling and Throttling Positioning 7110/7115 between ITM Device and ServerScalability and Cascading Availability Keys and Certificates Cutting and Pasting with HyperTerminal§ Create a key Type the create key command at the prompt ProcedureCreate a Certificate Signing Request Intel 7115 create sign Asciix Enter Certificate REQUEST----- linesIntel 7115 export sign mywebserver Enter Typically, the CSR will look something like this Apache Interface to Open SSL§ modssl Save the configuration when the server has been mappedExporting a Key/Certificate from a Server Apache SSL§ Intel 7115 import key mywebserver Stronghold§Importing into the 7110/7115 Save the configuration when the server has been mapped Creating a new Key/Certificate on the 7110/7115 Enter the create cert command with the keyIDCreate a key as follows Intel 7115 create cert mywebserver Overview Global Site Certificates Intel 7115 import cert keyID Global Site Certificate Paste ProcedureExample Intel 7115 set redirect A P T E R Redirection Clients and Unsupported Ciphers To disable a redirect URL for a mapping Client AuthenticationIntel 7115 show redirect Intel 7115 set redirect 2 none Intel 7115 show redirect Intel 7115 import clientca Next, import the client CA certificate for Map ID Generate a certificate signing request Creating a Client CA Certificate using OpenSSL§Generate the client CA certificate Automapping SSL ProcessingMapping Automapping with multiple port combinations Automapping with user-specified key and certificateDeleting automapping entries Manual mapping Combining automapping and manual mapping Use the show block command to verify Use show block to verify Subnet IP, Specific PortAll IPs, Specific Port Intel 7115 delete block Use the show block command to confirm the blockDelete a Block Failure Conditions, Fail-safe, and Fail-through Scenarios Syntax Scenario 1-Single Server Procedure for ScenarioManual Configuration Intel 7115delete map 1 Intel 7115list maps Scenario 2-Multiple Servers This scenario shows how to configure two or more servers ID KeyID Assumptions Scenario 3-Multiple 7110/ 7115s, Cascaded Multiple Cascaded 7110/7115s Intel 7115 export config After verification y or refusal n, the prompt reappears Save the configurationIntel 7115 import config Intel 7115set egressmac none To reverse this process Online Help Command Reference User Authentication Command Line InterfaceCommand Line Prompt Abbreviation to Uniqueness A P T E R Command Line Interface Moving the Insertion Point Input Editing CommandsCommand History Cut and Paste Command Summary Inline List Command Command Options ImportNic Password Reboot Command Command Options Set Command Command Options Show Showsnmp SetsnmpStatus Ttychar Status Command Command ReferenceHelp Commands Command Description Create key SSL CommandsDelete key Import key List keys Command Description Export keyShow key Delete cert Command Description Create certImport cert Export cert Display the expanded certificate including PEM format Command Description Show certDisplays all certificates Set ciphers Show clientca Command Description Set redirectShow redirect Create sign Command Description Import clientcaDelete clientca Show sign keyID Command Description Delete signExport sign Issuer e-mail address. You can change all, some or none Command Description Set defcertDisplay the default certificate creation information Field Show kstrength Command Description Set kstrengthSet clienttmo Show clienttmo Displays the currently specified server timeout value Command Description Set servertmoClient request is rejected Show servertmo Command Definition Create block Port Mapping CommandsDelete block Show block Show permit Command Definition Create permitDelete permit Delete map mapID Command Definition Create mapShow map List maps Inline Operational CommandsCommand Description Bypass Show spill Command Description Set spill Maxremotesessions Remote Management CommandsCommand Description Set ip Set telnetport Command Description Set telnetShow telnet Set ssh Command Description Show telnetportShow ssh Set sshport Setsnmp snmpinfo Command Description Setsnmp snmpShowsnmp snmp Delete Snmp community strings CommandDescriptionSnmpcommunity List trapcommunity Command Description Setsnmp trapauthenTrapcommunity Intel 7115 delete trapcommunity Delete trapcommunity Delete Snmp trap community strings Command Description Set alarms Alarms and Monitoring CommandsShow alarms Set rscwindow Set utlhighwater Command Description Show rscwindowSet utlwindow Show utlwindow Command Description Set utllowwaterShow utlhighwater Show utllowwater Intel 7115 show ovlwindow CommandDescription Show ovlwindow Display current volatile configuration settings Configuration CommandsCommand Description Show config Intel 7115 show config default Default configuration Config reset Command Description Config compareConfig default Config save Configuration specifics are displayed Command Description Export configImport config Import a configuration file paste, xmodem, uudecode List system Command Description Import upgradeImport patch Returns to factory configuration settings Command Description Factorydefault Command Description Password Administration CommandsShow info Set date Set ether Command Description Set egressmacShow ether Set idleto Nic Command Description Set moreSet prompt Set serial Command Description Show serial Logging CommandsCommand Description Exit Delete saved log/trace files from /flash/logs Command Description Delete logAll deletes all logs List logs Overview Remote Management Limitations Remote Management CLI Commands A P T E R Overview Local Serial Console Remote Telnet Sessions Changing the Telnet Port Remote Console, TelnetTo display the Telnet port Unix-prompttelnet Enable remote SSh sessions To verify Telnet disableRemote SSh Sessions Disabling Telnet Passwordpassword Unix-promptssh -1 adminRemote Console, SSh Changing the SSh Port Intel 7115 set ssh disable To verify SSh disableDisabling SSh To display the SSh port Intel MIB Tree Standards Compliance Supported MIBs Where to find MIB FilesManagement Information Base-II MIB-II Intel Enterprise MIBs Ceo-header.my Following is a summary of the 7110/7115 private MIB Enterprise Private MIB SummaryPage Snmp ThrottlesPerSec Number of throttles per second Snmp Private Traps in ssl-appliance-mib.my Trap SummaryStandard Snmp Traps Enabling Snmp Intel 7115 setsnmp snmp enable Intel 7115 showsnmp snmpIntel 7115 setsnmp snmp disable Intel 7115 showsnmp snmp Intel 7115 showsnmp snmpinfo Specifying Snmp Information Intel 7115 delete snmpcommunity Community String Trap Community String Use CLI commands, setsnmp trapcommunity, list Access Control Page Alarms Monitoring Set alarms All, esc, rsc, utl, ovl, nls None Show alarms CLI commands for alarm configuration are ESC Encryption Status Change Alarm Alarm TypesAlarm Modifiers and Messages For example To set Overload Alarm time window RSC Alarm CLI CommandsRSC Refused SSL Connections Extended Data To display Overload Alarm time window UTL Utilization Threshold AlarmThis alarm monitors three utilization threshold values Intel 7115 set rscwindow Intel 7115 show rscwindow To set Utilization Threshold Alarm time window UTL Alarm CLI commandsTo set Utilization Threshold Alarm high-water value To set Utilization Threshold Alarm low-water value OVL Alarm CLI Commands OVL Overload AlarmIntel 7115 set ovlwindow seconds Range Intel 7115 set ovlwindow Intel 7115 show ovlwindow NLS Network Link Status Alarm Alarm Logging Intel 7115 status Respend Inline Ip 10.1.11.34 netmask Intel 7115 status alarms Example, status alarms command Monitoring Report ConfigurationMonitoring Reports Monitor report format Intel 7115 set monitoringfields Monitoring Reports CLI Commands Intel 7115 show monitoringfields Intel 7115 set monitoring enable Intel 7115 show monitoringPage Software Updates Intel 7115 import upgrade Using Windows§ HyperTerminal§Press y for yes at the Continue with upgrade? prompt Connect the serial cable to the 7110/7115 auxiliary console Command import patch Intel 7115import upgrade To send the uuencoded file use the ~ command Intel 7115import patch Page Troubleshooting Intel 7115 set clienttmo See Global Site Certificates Error message Intermediate Settings Error message ServerThen use the nic command to force Different media LEDs Front Panel Press to physically force bypass mode bypass 7110/7115 Buttons and SwitchesFront Panel LEDs Processing Overload See Appendix B, Failure Connectors Failure/Bypass Modes Enable 7110/7115 processing Bypass Button Fail-through Switch Security Level P E N D I X B Fail-through Switch Security Level Page Cipher Strength Supported Ciphers SSL Version Level RC2128 RC2 SSLv2RC4-64 SSLv2 RC464Page Taiwan Class a EMI Statement Regulatory Information FCC Part 15 Compliance Statement Vcci Statement CE Compliance Statement Canada Compliance Statement Industry Canada Vcci Class a Japan Australia Cispr 22 Statement Avertissement Warnung Advertencias Wichtige Sicherheitshinweise Wichtige Sicherheitshinweise Page END User Terms and Conditions of Sale and Software License Terms and Conditions and Software LicensePage P E N D I X E Page Year warranty Process of being installed Export Law Regulations Page Glossary Glossary-2 Glossary-3 Glossary-4 Worldwide Access to Technical Support Support ServicesNorth America only Japan only Support-2 Intel NetStructure 7110/7115 e-Commerce Accelerator User Support-4 Index D E Index-3 Index-4