Importing SSL Keys to the Sensors - McAfee M-1250 - Network Security Platform Configuration Manual

IPS configuration guide version 5.1

McAfee® Network Security Platform 5.1
Figure 114: SSL Configuration

6. Type a value for the SSL Cache Time. This time relates to session resumption in SSL. The value represents the length in time a session is kept alive after the last connection closes. This value should be equal to the session cache time on the corresponding server.
7. Note the SSL Operation Status. This field indicates whether or not SSL decryption on the Sensor is currently enabled.
8. To apply the above configuration, click Apply. If you are enabling SSL or have changed the SSL Flow Count value, you are prompted to reboot the Sensor for proper functionality.

Importing SSL keys to the Sensors

The Key Import action enables you to download Secure Socket Layer (SSL) keys to Manager for the IPS Sensors of an IPS Settings node. Once imported to Manager, keys can be pushed to one or more Sensors via Configuration Update.

Using provided SSL keys, a Sensor can decrypt SSL traffic for IPS inspection. Manager provides a passthru interface for you to import a set of public/private keys to a Sensor. Manager stores an escrow of the imported keys for Sensor recovery purpose. However, Manager does not interpret the escrowed keys, nor does it attempt to recover the keys themselves in case a Sensor has lost its key encryption key. In order to protect the imported keys both in transit and in escrow, Manager uses the public key of a Sensor's public/private key pair.

Network Security Platform supports PKCS12 keys with file suffixes ".pkcs12", ".p12", or ".pfx".

Note: Before importing SSL keys to a Sensor, you must enable SSL decryption. For more information, see Enabling SSL functionality in IPS Settings node (on page 105).

To import an SSL key to a specific Sensor, do the following:
Managing IPS settings
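A pre-import check for the PKCS12 requirement stated above, as an added example that is not part of the McAfee manual or the product: it verifies the file suffix and the outer PFX structure defined in RFC 7292 without needing the password or touching the keys. The function names and the sample bytes are constructed for illustration, and only definite-length (DER) encoding is handled.

```python
from pathlib import Path

# Suffixes the manual lists as supported.
ALLOWED_SUFFIXES = {".pkcs12", ".p12", ".pfx"}
# DER contentType OIDs RFC 7292 allows for authSafe: data and signedData.
AUTHSAFE_OIDS = {bytes.fromhex("2a864886f70d010701"), bytes.fromhex("2a864886f70d010702")}
# Constructed minimal PFX skeleton (empty contents, empty MacData); not a real key bundle.
SAMPLE = bytes.fromhex("3016020103300f06092a864886f70d010701a00204003000")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first                      # short form: length in one byte
    else:
        n = first & 0x7F                    # long form: n length bytes follow
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def check_pkcs12(name, data):
    """Return a list of findings; an empty list means suffix and structure look right."""
    findings = []
    if Path(name).suffix.lower() not in ALLOWED_SUFFIXES:
        findings.append("suffix is not .pkcs12, .p12 or .pfx")
    try:
        tag, pfx, end = read_tlv(data, 0)   # PFX ::= SEQUENCE { version, authSafe, macData? }
        if tag != 0x30 or end != len(data):
            raise ValueError("not a single DER SEQUENCE")
        tag, version, pos = read_tlv(pfx, 0)
        if tag != 0x02 or version != b"\x03":
            raise ValueError("PFX version is not 3")
        tag, auth_safe, pos = read_tlv(pfx, pos)
        oid_tag, oid, _ = read_tlv(auth_safe, 0)
        if tag != 0x30 or oid_tag != 0x06 or oid not in AUTHSAFE_OIDS:
            raise ValueError("authSafe is not data or signedData")
        if pos == len(pfx):                 # nothing after authSafe: optional MacData absent
            findings.append("no MacData: bundle carries no password integrity check")
    except ValueError as exc:
        findings.append(f"not a PKCS#12 structure: {exc}")
    return findings
```

A PEM-encoded key renamed to ".pfx" fails the structure check, which is the mistake this catches before the file reaches the import dialog.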
