Custom Ssl Certificate - Colubris Networks CN3000 Administrator's Manual

Chapter 11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Configuration parameters - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 11
Custom SSL The CN3000 can retrieve a custom SLL security certificate to replace the Colubris
Networks certificate that is included by default. .
certificate
Syntax
ssl-certificate= URL [ placeholder ]
Where:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 271 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Allows the access list to be activated even if this rule fails to
OPTIONAL
initialize. For example, if you specify a rule that contains an
address which cannot be resolved for some reason, the other
rules that make up the access list will still be initialized. If you do
not specify optional, a failed rule will cause the entire list to fail.
Important: Critical access list definitions (such as for a remote
login page, certificates) should not use the OPTIONAL setting
because if these definitions fail to initialize there will be no
indication in the log.
Specify what action the rule takes when it matches incoming
action
traffic. Two options are available:
• ACCEPT - Allow traffic matching this rule.
• DENY - Reject traffic matching this rule.
Specify the protocol to check: tcp, udp, icmp, all
protocol
Specify one of the following:
address
• IP address or domain name (up to 107 characters in length)
• Subnet address. Include the network mask as follows:
address/subnet mask For example: 192.168.30.0/24
• Use the keyword all to match any address.
• Use the keyword none if the protocol does not take an
address range (ICMP for example).
Specify a specific port to check or a port range as follows:
port
• none - Used with ICMP (since it has no ports).
• all - Check all ports.
• 1-65535[:1-65535] - Specify a specific port or port range.
Specify the name of the customer account the CN3000 will send
account
billing information to for this rule. Account names must be
unique and can be up to 32 characters in length.
Specify time between interim accounting updates. If you do not
interval
enable this option, accounting information is only sent when a
customer connection is terminated. Range: 5-99999 seconds in
15 second increments.
Parameter Description
Specify the URL that points to the new certificate.
URL