Manuals / Lantronix / Lawn and Garden / Pole Saw

Lantronix 900-560 manual Utilities, OpenSSL, Steel Belted Radius

Models: 900-560

1 152

Download 152 pages 54.85 Kb

Page 139

Utilities

16 Security in Detail

Certificates and private keys can be stored in several file formats. Best known are PKCS12, DER and PEM. Certificate and key can be in the same file or in separate files. The key can be encrypted with a password or not. The XPort Pro currently only accepts separate PEM files. The key needs to be unencrypted.

Utilities

Several utilities exist to convert between the formats.

OpenSSL

OpenSSL is a widely used open source set of SSL related command line utilities. It can act as server or client. It can generate or sign certificate requests. It can convert from and to all kinds of formats.

Executables are available for Linux and Windows.

To generate a self-signed RSA certificate/key combo:

openssl req –x509 –nodes –days 365 –newkey rsa:1024 –keyout mp_key.pem –out mp_cert.pem

See www.openssl.org or www.madboa.com/geek/openssl for more information.

Note: Signing other certificate requests is also possible with OpenSSL but is too complicated to explain here.

Steel Belted Radius

Steel Belted Radius is a commercial radius server by Juniper Networks that provides a GUI administration interface. It also provides a certificate request and self-signed certificate generator. The self-signed certificate has extension .sbrpvk and is in the PKCS12 format. OpenSSL can convert this into a PEM format certificate and key:

openssl pkcs12 –in sbr_certkey.sbrpvk –nodes –out sbr_certkey.pem

The sbr_certkey.pem file contains both certificate and key. If loading the SBR certificate into XPort Pro as an authority, you will need to edit it.

1.Open the file in any plain text editor.

2.Delete all info before “----- BEGIN CERTIFICATE-----“and after “-----

END CERTIFICATE-----“, and then save as sbr_cert.pem.

SBR accepts trusted-root certificates in the DER format. Again, OpenSSL can convert any format into DER:

openssl x509 –inform pem –in mp_cert.pem –outform der –out mp_cert.der

Note: With SBR, when the identity information includes special characters such as dashes and periods, SBR changes the format it uses to store these strings and

XPort Pro™ User Guide

139

Image 139

Lantronix 900-560 manual Utilities, OpenSSL, Steel Belted Radius

Contents

Part Number Revision A September XPort Pro User GuideRevision History Copyright & TrademarkContacts Disclaimer & RevisionsUsing This Guide ContentsIntroduction 6. Line, Tunnel, Terminal, and Host Settings Using DeviceInstaller4. Configuration Using Web Manager Network Settings11. Maintenance and Diagnostics Settings Services SettingsSecurity Settings 10. VIP Settings15. VIP 12. Advanced Settings13. Point to Point Protocol PPP 14. TunnelingFigures Figure 6-6a. Tunnel 1 Packing Mode Mode = Disable XPort Pro User Guide ContentsXML Import Configuration XML Import Configuration from External FileChapter 1. Using This GuidePurpose and Audience Summary of ChaptersDescription Chapter15 VIP Document Additional DocumentationDescription 2. Introduction Key FeaturesApplications Evolution OS Protocol SupportVIP Access Additional FeaturesWeb-Based Configuration and Troubleshooting Command-Line Interface CLIEnterprise-Grade Security Troubleshooting CapabilitiesTerminal Server/Device Management IP Address Configuration MethodsAddresses and Port Numbers Hardware AddressPort Numbers Product Information LabelAccessing XPort Pro using DeviceInstaller 3. Using DeviceInstallerCurrent Settings Device Details SummaryDescription Description Current SettingsAccessing Web Manager through a Web Browser 4. Configuration Using Web ManagerXPort Pro User Guide 4 Configuration Using Web ManagerFigure 4-1. Web Manager Home Page Header Items to configure Links to subpages Menu Bar Web Manager Page ComponentsConfiguration and/or Status Area Footer Information and Help Area See Page Navigating the Web ManagerWeb Manager Page DescriptionDescription Web Manager PageSee Page Figure 4-3. Device Status Device Status PageNetwork Settings 5. Network SettingsNetwork 1 eth0 Interface Status To view and configure network interface settings Network 1 eth0 Interface ConfigurationFigure 5-2. Network 1 eth0 Interface Configuration Description ConfigurationPage Settings NetworkNetwork 1Description Interface Configuration Page Settings Network 1 Ethernet LinkTo view and configure the Ethernet link Network 1-Ethernet Link Page SettingsSelect the Ethernet link speed. Default is Auto Select the Ethernet link duplex mode. Default is AutoLine Settings 6. Line, Tunnel, Terminal, and Host SettingsLine 1 Statistics Line Line 1 ConfigurationConfiguration Page SettingsLine Line 1 Command ModeConfiguration Page SettingsLine Command ModePage Settings Figure 6-3. Line 1 Command ModeLine Tunnel SettingsCommand Mode Page SettingsTunnel 1 - Statistics Serial SettingsTo configure serial settings Figure 6-5. Tunnel 1 Serial Settings Settings PageSettings Line SettingsTo configure the tunnel Packing Mode Packing ModeMode Page SettingsTunnel - Packing DescriptionDescription Accept ModePage Settings TunnelAccept Mode Page SettingsTunnel DescriptionTo configure Tunnel 1 Connect Mode Connect ModeFigure 6-10. Tunnel 1 Connect Mode Description Page SettingsReconnect Timer TunnelTunnel Connecting Multiple HostsConfiguring Additional Hosts Page SettingsTo promote a specific Host Host IP PromotionTo configure the tunnel Disconnect Mode Disconnect ModeDescription Mode Page SettingsModem Emulation Tunnel - DisconnectCommands SettingsEcho Commands Error UnknownLine Terminal Configuration Terminal SettingsTerminal on Line Network Terminal ConfigurationConfiguration Page SettingsTerminal on Line Configuration PageSettings Figure 6-16. Terminal on Network ConfigurationDescription Host ConfigurationSettings Host PageCPM Configurable Pins 7. Configurable Pin ManagerDescription Current ConfigurationConfiguration CPM - CPsNote These changes to a CP are not saved in FLASH. Instead, these CP settings are used when the CP is added to a CP Group. When the CP Group is saved, its CP settings are saved with it. Thus, a particular CP may be defined as “Input” in one group but as “Output” in another. Only one group c ontaining any particular CP may be enabled at once To configure the XPort Pro CP groups CPM GroupsIndicates whether the group is enabled or disabled Current ConfigurationGroup Status Configuration3. Click Submit To add a CP to a CP group 2. Click Submit To enable or disable a CP groupTo delete a CP group 3. Click Submit To set a CP group’s valueDNS Configuration 8. Services SettingsPPP Configuration Local IP Address PPP Configuration PageSettings DescriptionAuthentication Mode SNMP ConfigurationPPP Configuration Page SettingsDescription SNMP Page SettingsSelect On to enable SNMP Figure 8-3. SNMP ConfigurationDescription FTP ConfigurationFTP Page Settings Figure 8-4. FTP Configurationthe device is open to malicious update TFTP ConfigurationTFTP Page Settings Note TFTP has no way to authenticate the client soDescription Syslog ConfigurationSettings Syslog PageHTTP Statistics HTTP ConfigurationTo configure HTTP Change HTTP ConfigurationFigure 8-8. HTTP Configuration Description ConfigurationPage Settings HTTPDescription HTTP AuthenticationHTTP Configuration Page Settings Figure 8-9. HTTP AuthenticationDescription HTTP AuthenticationSettings PasswordDescription RSS SettingsSettings RSS PageLPD Statistics Page LPD SettingsSelect Enabled to print the banner even if the print job does LPD Configuration PageConfiguration Page SettingsBinary ConfigurationPage Settings DescriptionSSH Settings 9. Security SettingsSSH Server Host Keys Host Keys Page SettingsSSH Server DescriptionSSH Server Authorized Users Description SSH Client Known HostsPage Settings SSH ServerDescription SSH Client User ConfigurationPage Settings SSH ClientSSH Client SettingsPassword CommandDescription SSL SettingsSettings SSH ClientUpload SettingsSSL Page DescriptionUpload Authority SettingsSSL Page DescriptionOrganization SettingsSSL Page DescriptionVirtual IP VIP Statistics 10. VIP SettingsFigure 10-1. VIP Statistics Page Description Virtual IP VIP ConfigurationLine - Configuration Page SettingsXPort Pro User Guide 10 VIP SettingsFigure 10-2. VIP Configuration Page 3. Click SubmitFile System Configuration 11. Maintenance and Diagnostics SettingsFile System Statistics To browse the XPort Pro file system File System BrowserFigure 11-2. File system Browser Create Page SettingsFile system Browser DescriptionTCP Settings Protocol Stack ConfigurationCAUTION Setting this flag may pose a security risk Figure 11-4. IP Protocol Page IP SettingsARP Settings ICMP SettingsNote Both the IP and MAC addresses are required for the ARP cache Description IP Address FilterIP Address Filter Page Settings Figure 11-7. IP Address Filter ConfigurationFigure 11-8. Query Port Configuration Query PortHardware DiagnosticsTo view XPort Pro MIB-II statistics MIB-II StatisticsTo display open network sockets on the XPort Pro IP SocketsFigure 11-11. IP Sockets Figure 11-12. Diagnostics Ping PingDiagnostics Ping Page SettingsPro when issuing the traceroute command TracerouteDiagnostics SettingsPage Settings DNS LookupNote A DNS server must be configured for DNS Lookup to work Diagnostics DNS LookupFigure 11-15. Diagnostics Memory MemoryTo display memory statistics for the XPort Pro Processes Buffer PoolsTo display the XPort Pro buffer pools Note The Adobe SVG plug-in is required to view the CPU Load Graph Figure 11-17. Diagnostics ProcessesSystem Page System ConfigurationTo configure the XPort Pro system settings SettingsDescription Settingsreboot System PageEmail Configuration 12. Advanced SettingsEmail Statistics To configure XPort Pro email settings Email ConfigurationFigure 12-2. Email Configuration Description ConfigurationPage Settings EmailCommand Line Interface Statistics Command Line Interface SettingsSettings CLI ConfigurationCommand Line ConfigurationConfiguration XML ConfigurationXML Export Configuration Command LineFigure 12-5. XML Export Configuration To export a system configuration recordDescription Configuration PageSettings XML ExportDescription XML Export StatusPage Settings XML Status RecordDescription XML Import System Configuration PagePage Settings XML Status RecordTo import a system configuration Import Configuration from External FileFigure 12-9. XML Import from Filesystem Import Configuration from the FilesystemDescription ConfigurationSettings ImportImport Lines from Single Line Settings on the Filesystem Description XML Import Lines from Single Line SettingsSettings Import Lines13. Point to Point Protocol PPP pass packets through the XPort Pro, a static route must be configured on both the Connect Mode 14. TunnelingPage Disconnect Mode Accept ModePacking Mode Command ModeModem Emulation Description CommandDescription Serial Line SettingsStatistics CommandObtaining a bootstrap file Tunneling with VIP Access15. VIP Configuring Tunnels to Use VIP Importing the bootstrap fileEnabling VIP 16. Security in Detail SSH Server ConfigurationSecure Shell SSH To configure SSH client settings SSH Client ConfigurationCertificate Secure Sockets Layer SSLCipherSuites CertificatesRSA or DSA Security Certificate PrinciplesObtaining a Certificate and Private Key OpenSSL UtilitiesSteel Belted Radius FreeRadius Web Manager Customization 17. Branding the XPort ProTo change the XPort Pro short and long names with the web manager Command ModeObtaining Firmware 18. Updating FirmwareLoading New Firmware Email eutechsupp@lantronix.com or eusupport@lantronix.com A Technical SupportTechnical Support US Technical Support Europe, Middle East, AfricaDecimal B Binary to Hexadecimal ConversionsConverting Binary to Hexadecimal Conversion TableScientific Calculator Manufacturer’s Name & Address C ComplianceManufacturer’s Contact XPort Pro User Guide D WarrantyIndex Page Index