Generating And Installing Ssl/Tls Certificates - Nokia IPSO 4.0 Reference Manual

8

Generating and Installing SSL/TLS Certificates

IPSO uses the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol to secure
connections over the Internet from the Nokia Network Voyager client to the IPSO system. SSL/
TLS, the industry standard for secure Web connections, gives you a secure way to connect to
Network Voyager. Creating a unique private key for your security platform and keeping it secret
is critical to preventing a variety of attacks that could compromise the security platform security.
When you set up your system for the first time, change your SSL/TLS certificate from the
default certificate. IPSO includes a default sample certificate and private key in the /var/etc/
voyager_ssl_server.crt and /var/etc/voyager_ssl_server.key files respectively.
The certificate and private key are for testing purposes only and do not provide a secure SSL/
TLS connection. You must generate a certificate, and the private key associated with the
certificate, to create a secure connection by using SSL/TLS.
Note
For security purposes, generate the certificate and private key over a trusted connection.
Generating an SSL/TLS Certificate and Keys
To generate a certificate and its associated private key
1. Click Generate Certificate for SSL under Configuration > Security and Access > Voyager in
the tree view.
2. Choose the Private Key Size that is appropriate for your security needs.
The larger the bit size, the more secure the private key. The default and recommended choice
is 1024 bits.
3. (Optional) Enter a passphrase in the Enter Passphrase and the Re-enter Passphrase fields.
The passphrase must be at least four characters long. If you use a passphrase, you must enter
the phrase later when you install your new key.
4. In the Distinguished Information section, enter identifying information for your system:
a. In the Country Name field, enter the two-letter code of the country in which you are
b. In the State or Province Name field, enter the name of your state or province.
c. (Optional) In the Locality (Town) Name field, enter the name of your locality or town.
d. In the Organization Name field, enter the name of your company or organization. If you
e. (Optional) In the Organizational Unit Name field, enter the name of your department or
f. In the Common Name (FQDN) field, enter the common name that identifies exactly
302
located.
are requesting a certificate from a certificate authority, the certificate authority may
require the official, legal name of your organization.
unit within your company or organization.
where the certificate will go. The common name is most commonly the fully qualified
Nokia Network Voyager for IPSO 4.0 Reference Guide