RDL-3000 FAMILY
Out-of-Box Operation
The RDL-3000 provides out-of-box HTTPS (SSL) using an embedded X.509 certificate.
The embedded certificate is identical for all shipped RDL-3000 equipment and is
intended only for initial system configuration. Use of the embedded certificate does
not provide a secure solution.
When using the embedded certificate, warning messages may be displayed based on
browser security settings (e.g., 'The security certificate presented was not issued by a trusted
certificate authority. The security certificate presented was issued for a different website address.').
The operator has full access to the secure Web interface.
It is recommended that system operators generate a unique certificate and private-public
keys, and load these on the RDL-3000 before using the HTTPS feature in a production
environment.
Enabling HTTPS/SSL
HTTPS is disabled by (factory) default. Use the Web interface or CLI to enable HTTPS:
Web interface: Configuration screen -> Ethernet: HTTPS Enable
Command: set https on
Save the configuration to activate changes.
To access the RDL-3000 using HTTPS, the URL entered in the Web browser must
specify 'https' or directly reference port 443.
Example: To access the RDL-3000 when HTTPS is enabled (default IP shown):
https://192.168.25.2/ (Web browser defaults to port 443)
http://192.168.25.2:443/ (Operator specifies port 443)
Loading HTTPS/SSL Certificates and Keys
Use the following steps to load user-generated X.509 certificate and key files:
1. Use a commercially available tool to create the required certificate and key files.
   The X.509 certificate file must conform to the following:
   - Maximum file size is 1400 bytes
   - Subject must match the access method (e.g., IP or name)
   - Filename must be formatted as follows: ssl_cert_<mac>.pem
   The SSL (RSA) key file must conform to the following:
   - Maximum 2048 bits.
   - Filename must be formatted as follows: ssl_key_<mac>.pem
2. Copy the key files to the default directory on a TFTP server.
3. Use the CLI 'load' command to load the RSA key and certificate. It is recommended
to use the local Ethernet port when transferring encryption keys and certificates to
the RDL-3000.
4. Use the command 'show files usr' to verify the files have been successfully loaded.
5. Reboot the RDL-3000 to activate changes to the key files. HTTPS is available when
the system reboot is completed.
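An added example for step 1 (not from the Redline manual): it generates the pair with OpenSSL and checks the stated limits before the files are copied to the TFTP server. OpenSSL as the tool, the function names, the 365-day validity, and the form of the <mac> argument are assumptions; the manual does not specify them.

```shell
#!/bin/sh
# Added example, not from the Redline manual. Assumes OpenSSL as the tool;
# <mac> is passed through unchanged because the manual does not give its form.
MAX_CERT_BYTES=1400   # certificate file size limit from step 1
MAX_KEY_BITS=2048     # RSA key size limit from step 1

# make_rdl_pair <mac> <host> <outdir>
# Writes ssl_key_<mac>.pem and ssl_cert_<mac>.pem. The subject is only
# CN=<host>: every extra subject field costs bytes against the 1400 limit.
make_rdl_pair() {
    mac=$1; host=$2; out=$3
    key="$out/ssl_key_$mac.pem"; cert="$out/ssl_cert_$mac.pem"
    # umask keeps the private key unreadable to other local users
    ( umask 077; openssl genrsa -out "$key" "$MAX_KEY_BITS" 2>/dev/null ) || return 1
    # -days 365 is an arbitrary validity period chosen for this example
    openssl req -new -x509 -key "$key" -days 365 \
        -subj "/CN=$host" -out "$cert" 2>/dev/null || return 1
}

# check_rdl_pair <cert> <key>: succeeds only if both files meet the limits
# and the certificate was issued for this key.
check_rdl_pair() {
    cert=$1; key=$2
    size=$(wc -c < "$cert" | tr -d ' ')
    if [ "$size" -gt "$MAX_CERT_BYTES" ]; then
        echo "certificate is $size bytes (max $MAX_CERT_BYTES)" >&2; return 1
    fi
    bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
           sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -gt "$MAX_KEY_BITS" ]; then
        echo "key is ${bits:-unreadable} bits (max $MAX_KEY_BITS)" >&2; return 1
    fi
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl rsa -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate does not match key" >&2; return 1
    fi
}

# Usage (MACADDR is a placeholder for the unit's <mac> text):
#   make_rdl_pair MACADDR 192.168.25.2 . &&
#   check_rdl_pair ./ssl_cert_MACADDR.pem ./ssl_key_MACADDR.pem
```

Run the check again on any certificate issued by a CA instead of self-signed, since a longer subject or added extensions can push the PEM file past the 1400-byte limit.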
70-00158-01-08
USER MANUAL
Proprietary Redline Communications © 2011
December 7, 2011