Chapter 4 Configuring the domain 141

/cfg/domain #/server/ssl
followed by:

cachain <certificate index list>

Specifies the CA certificate chain of the server certificate.

certificate index list is a comma-separated list of the certificate index numbers assigned to the certificates in the chain. The chain starts with the issuing CA certificate of the server certificate and can range up to the root CA certificate.

The command explicitly constructs the server certificate chain. The chain and the server certificate are sent to the browser.

To clear all specified chain certificates, press Enter at the prompt to enter the certificate numbers. At the prompt to confirm that you want to clear the list, enter yes.

Note: The SSL server can use chain certificates only if the protocol version is set to ssl3 or ssl23 (see /cfg/domain #/server/ssl/protocol).

protocol ssl2|ssl3|ssl23|tls1

Specifies the protocol to use when establishing an SSL session with a client. Valid options are:

ssl2 — accept SSL 2.0 only
ssl3 — accept SSL 3.0 and TLS 1.0
ssl23 — accept SSL 2.0, SSL 3.0, and TLS 1.0
tls1 — accept TLS 1.0 only

The default value is ssl3.

verify none|optional|required

Specifies the level of client authentication to use when establishing an SSL session. Valid options are:

none — no client certificate is required
optional — a client certificate is requested, but the client need not present one
required — a client certificate is required

The default value is none.

Not supported in Nortel Secure Network Access Switch Software Release 1.0.

ciphers <cipher list>

Specifies the cipher preference list.

cipher list is an expression that consists of cipher strings separated by colons. The default cipher list is ALL@STRENGTH.

For more information about cipher lists, see “Supported ciphers” on page 881.
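
The ordering rule that the cachain description gives, as an added example that is not part of the Nortel guide: a Python check that an index list starts with the issuing CA of the server certificate and follows issuer links toward the root CA. The certificate names, the index numbers and the check_cachain helper are constructed for illustration; in practice the subject and issuer names would be read from the installed certificates.

```python
# Added example; certificate names and index numbers are constructed.
CERTS = {  # index number -> (subject, issuer)
    1: ("CN=portal.example.test", "CN=Example Issuing CA"),  # server cert
    2: ("CN=Example Root CA", "CN=Example Root CA"),         # self-signed root
    3: ("CN=Example Issuing CA", "CN=Example Policy CA"),
    4: ("CN=Example Policy CA", "CN=Example Root CA"),
}
SERVER_ISSUER = CERTS[1][1]


def check_cachain(index_list, server_issuer, certs):
    """Return the problems found in a cachain index list (empty list if none).

    index_list    -- comma-separated string as typed at the cachain prompt
    server_issuer -- issuer name of the server certificate
    certs         -- {index number: (subject, issuer)} of installed certificates
    """
    try:
        indexes = [int(field) for field in index_list.split(",")]
    except ValueError:
        return [f"not a comma-separated list of index numbers: {index_list!r}"]
    problems = []
    if len(set(indexes)) != len(indexes):
        problems.append("an index number appears more than once")

    expected = server_issuer  # subject the next certificate in the list must have
    for position, index in enumerate(indexes, start=1):
        if index not in certs:
            problems.append(f"position {position}: no certificate with index {index}")
            break
        subject, issuer = certs[index]
        if expected is None:
            problems.append(f"position {position}: index {index} follows the root CA")
            break
        if subject != expected:
            problems.append(f"position {position}: index {index} is {subject!r}, "
                            f"expected the certificate of {expected!r}")
            break
        # A self-signed certificate is the root CA, so the chain must end here.
        expected = None if issuer == subject else issuer
    return problems


if __name__ == "__main__":
    for candidate in ("3,4,2", "3,4", "2,4,3", "1,3,4", "3,2"):
        print(candidate, check_cachain(candidate, SERVER_ISSUER, CERTS) or "ok")
```

A list that stops before the root CA, such as 3,4 here, passes, because the chain can range up to the root CA certificate without having to include it.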

 

 

 

 

Nortel Secure Network Access Switch 4050 User Guide
