Manuals / Tripp Lite / Computer Equipment / Network Card

Tripp Lite B096-048, 93-2879, B096-016 owner manual Https, Generating an encryption key

Models: 93-2879 B096-016 B096-048

1 224

Download 224 pages 57.82 Kb

Page 190

http://www.openssl.org/docs/apps/openssl.html

http://www.openssl.org/docs/HOWTO/certificates.txt

15.8 HTTPS

The Management Console can be served using HTTPS by running the webserver via sslwrap. The server can be launched on request using inetd.

The HTTP server provided is a slightly modified version of the fnord-httpdfrom http://www.fefe.de/fnord/

The SSL implementation is provided by the sslwrap application compiled with OpenSSL support. More detailed documentation can be found at http://www.rickk.com/sslwrap/

If your default network address is changed or the unit is to be accessed via a known Domain Name, you can use the following steps to replace the default SSL Certificate and Private Key with ones tailored for your new address.

1. Generating an encryption key

To create a 1024 bit RSA key with a password, issue the following command on the command line of a Linux host with the openssl utility installed:

openssl genrsa -des3 -out ssl_key.pem 1024

2. Generating a self-signed certificate with OpenSSL

This example shows how to use OpenSSL to create a self-signed certificate. OpenSSL is available for most Linux distributions via the default package management mechanism. (Windows users can check http://www.openssl.org/related/binaries.html )

To create a 1024 bit RSA key and a self-signed certificate, send the following openssl command from the host you have openssl installed on:

openssl req -x509 -nodes -days 1000 \

-newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem

_____________________________________________________________________

B096-016 B096-048 and B092-016 User Manual

Page 190

Image 190

Tripp Lite B096-048, 93-2879, B096-016 owner manual Https, Generating an encryption key

Contents

Console Server Management Switch Index Failover and OUT-OF-BAND Access Alerts and Logging Authentication System Management Advanced Configuration 16.2 Advanced Control Panel 210 FCC Information IntroductionThis Manual User NoticeManual Organization Types of users Management ConsoleManual Conventions Publishing history Models InstallationIntroduction PortsKit components B092-016 Console Server with PowerAlert Power connectionPower Console Server Management Switch Network connection Power Console Server with PowerAlertSerial Port connection USB Port Connection Rackmount Console / KVM Connection B092-016 onlyInitial System Configuration Management Console ConnectionIP address Browser connectionPage At the Management Console menu select System Administration Administrator PasswordInitial B092-016 connection Configuration Method Select System AdministrationNetwork IP address 1 IPv6 configuration System Services Page PowerAlert Secure VNCCommunications Software Message Changes to configuration succeededPuTTY SSHTerm Management Network Configuration B096-048/016 only Configure Management Switch as a Management LAN gatewayPage Page Configure Management Switch for Failover or Broadband OoB Configuring Serial Ports Serial Port and Network HostCommon Settings Console Server Mode Page Page Page Device RPC, UPS, EMD Mode SDT ModeTerminal Server Mode Serial Bridging Mode Add/Edit Users SyslogPage Page Authentication Network HostsPage Trusted Networks Select Serial & Network Trusted NetworksAutomatically generate and upload SSH keys Serial Port CascadingCheck Generate SSH keys automatically and click Apply Manually generate and upload SSH keys Select RSA Keys and/or DSA KeysPublic Key # ssh remhost Configure the Slaves and their serial ports Managing the Slaves OoB Dial-In Access Failover and OUT-OF-BAND AccessConfigure dial-in PPP Check the Enable Dial-In Access box Modem PortNone Using SDT Connector client for dial-inSet up Windows XP/ 2003/Vista client for dial-in MSCHAPv2Set up earlier Windows clients for dial-in Set up Linux clients for dial-in OoB Broadband Access B096-048/016 onlyBroadband Ethernet Failover B096-048/016 only Page Dial-Out Failover Page Secure Tunneling and SDT Connector IntroductionConfiguring for SDT Tunneling to Hosts SDT Connector ConfigurationSDT Connector client installation Run the set-up programConfiguring a new gateway in the SDT Connector client Page Make an SDT connection through the gateway to a host Manually adding hosts to the SDT Connector gateway Manually adding new services to the new hosts Page Adding a client program to be started for the new service Dial-in configuration Choosing an alternate SSH client e.g. PuTTYPage Page Page Page SDT Connector to Management Console Page Page Pon networkconnection SDT Connector Public Key Authentication Importing and exporting preferencesSetting up SDT for Remote Desktop Access Configure the Remote Desktop Connection client Desktop ConnectionClick Connect Option Color depth 8, 16On a Macintosh client SDT SHH Tunnel for VNC Install, configure and connect the VNC Viewer Page Page Page Select Allow calling computer to specify its own address Set up SDT Serial Ports on Console Server Page Email alerts Configure SMTP/SMS/SNMP/Nagios alert serviceAlerts and Logging Select Alerts & Logging Smtp &SMSSMS alerts Snmp alerts Select Alerts & Logging SnmpNagios Alerts Activate Alert Events and NotificationsNetwork Serial Ports refer to Chapter Alert Add a new alert Page Configuring environment and power alert type Remote Log Storage 100Serial Port Logging 101102 Network TCP or UDP Port LoggingLevel 103 Remote Power Control RPCRPC connection 104 Click Add RPCRPC alerts User power management105 RPC status106 Uninterruptible Power Supply Control UPSPower on Power OFF Power Cycle Power Status Managed UPS connections107 108 Configure UPS powering the Console Server 109Configuring powered computers to monitor a Managed UPS 110UPS status 111UPS alerts Overview of Network UPS Tools NUT112 Environmental Monitoring 113Connecting the EMD 114Environmental alerts 115Environmental status 116 Authentication Configuration Authentication117 Enter the Server Password 118Radius authentication 119Ldap authentication 120RADIUS/TACACS user configuration 121PAM Pluggable Authentication Modules 122Secure Management Console Access 123124 Nagios Overview Nagios Integration125 Central management 126Set up distributed Console Servers Check Prefer NRPE, Nrpe Enabled and Nrpe Command ArgumentsClick New Check and select Check TCP. Select Port Click Console Server Mode and select Logging LevelSelect Serial Port from the Serial & Network menu Configuring Nagios distributed monitoring Page Enable Nrpe monitoring Select System Nagios and check Nrpe EnabledSelect System Nagios and check Nsca Enabled Enable Nsca monitoringConfigure selected Serial Ports for Nagios monitoring Configure selected Network Hosts for Nagios monitoring Permitted ServiceConfigure the upstream Nagios monitoring host Advanced Distributed Monitoring Configuration Sample Nagios configurationTripplitenrpedaemondep Hostname Tripplite Basic Nagios plug-ins Additional plug-insPage System Administration and Reset System ManagementUpgrade Firmware Configure Date and Time Select the Enable NTP checkbox on the Network Time ProtocolStatus Reports Port Access and Active UsersSelect the Status Port Access StatisticsSyslog Support ReportsSelect Status Syslog Local System Logging Remote System LoggingSelect Alerts & Logging Syslog Device Management ManagementPort & Host Management Serial Port Terminal Connection Power ManagementSelect Manage Power Select Manage TerminalSSH Remote Console Access B092-016 only Select Manage KVM Console ServerPage Basic Configuration Linux Commands IntroductionConfig Tool Syntax Linux Command lineDescription Etc/config/config.xml OptionsSystem Settings Administration ConfigurationAuthentication Configuration Manually Change Clock Settings Date and Time ConfigurationNetwork Time Protocol Time Zone IP ConfigurationStatic Dial-in Configuration ATQ0V1H0Services Configuration Serial Port Configuration Serial Port SettingsSupported Protocol Configuration UsersTrusted Networks Event Logging Configuration Remote Serial Port Log StorageAlert Configuration SDT host TCP PortsPage Configuration backup and restore Config -e Output FileGeneral Linux command usage Http//en.tldp.org/HOWTO/HOWTO-INDEX/howtos.html Advanced Configuration IntroductionAdvanced Portmanager PmshellPmchat PmusersPortmanager Daemon External Scripts and AlertsPage Access to Serial Ports Raw Access to Serial PortsAccessing the Console Port Etc/config/ipfilter Standard IP-Filter configurationIP- Filtering Customizing the IP-Filter Etc/config/filter-custom Etc/config/snmpd.conf Modifying Snmp ConfigurationResources Adding more than one Snmp server Secure Shell SSH Public Key Authentication SSH OverviewGenerating Public Keys Linux $ ssh-keygen -t rsadsaInstalling the SSH Public/Private Keys Clustering Installing SSH Public Key Authentication LinuxChown fred /etc/config/users/fred/.ssh/authorizedkeys Generating public/private keys for SSH Windows OpenSSH OpenSSH Windows Fingerprinting SSH tunneled serial bridging IT is Possible That Someone is Doing Something NastyClient Keys $ ssh-keygen -t rsadsa SDT Connector Public Key Authentication Authorized KeysSecure Sockets Layer SSL Support Https Generating an encryption keyInstalling the key and certificate Power Strip Control PowerManTarget Specification Pmpower Adding new RPC devicesPage IPMItool SynopsisDescription Security Commands Scripts for Managing Slaves Ipmitool chassis helpSelect Status Support Report Local Client Service Connections Thin Client B092-016Page Connect- serial terminal Connect- browserConnect- VNC Connect- SSH Connect- Ipmi Connect- Remote Desktop RDP Option Connect- Citrix ICAAdvanced Control Panel Connect- PowerAlertSystem Terminal Custom System Shutdown / RebootSystem Logout StatusRemote control Appendix a Hardware Specification Appendix B Serial Port Connectivity Serial Port PinoutConnectors included in Console Server Appendix C End User License Agreement Page JSch License Page Page SUN Java License Page Warranty Registration Limited WarrantyTripp Lite 1111 W th Street Chicago IL 60609 USA 200903108 93-2879EN