SSL

Secure Socket Layers (SSL) version 3 enables secure HTML sessions between a Sentry Remote Power Manager and a remote user. SSL provides two chief features designed to make TCP/IP (Internet) transmitted data more secure:

Authentication – The connecting client is assured of the identity of the server.

Encryption – All data transmitted between the client and the server is encrypted rendering any intercepted data unintelligible to any third party.

SSL uses the public-and-private key encryption system by RSA, which also requires the use of digital certificates. An SSL Certificate is an electronic file uniquely identifying individuals or websites and enables encrypted communication; SSL Certificates serve as a kind of digital passport or credential.

The Sentry product’s SSL Certificate enables the client to verify the Sentry’s authenticity and to communicate with the Sentry securely via an encrypted session, protecting confidential information from interception and hacking.

SSL Command Summary

Command

Description

Set SSL

Enables/disables SSL support

 

 

Set SSL access

Sets SSL access as optional or required

Enabling and Setting up SSL Support

NOTE: A restart of the Sentry is required after setting or changing ANY SSL configurations. See Performing a warm boot on page 38 for more information.

Enabling or disabling SSL support

The Set SSL command is used to enable or disable SSL support.

To enable or disable SSL support:

At the Sentry: prompt, type set ssl, followed by enabled or disabled and press Enter.

Setting SSL access level

The Set SSL Access command is used to assign use of SSL as optional or required. The default access level is set to optional.

To change the access level:

At the Sentry: prompt, type set ssl access, followed optional or required, and press Enter.

Example

The following changes the access level to required:

Sentry: set ssl access required<Enter>

SSL Technical Specifications

Secure Socket Layer (SSL) version 3

Transport Layer Security (TLS) version 1 (RFC 2246)

SSL/TLS-enabled HTTPS server (RFC 2818)

Self-Signed X.509 Certificate version 3 (RFC 2459)

Asymmetric Cryptography:

1024-bit RSA Key Exchange

Symmetric Cryptography Ciphers:

TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA

TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA

46 • Advanced Operations

Sentry PT22

 

Installation and Operations Manual