Secure Socket Layer Protocol - Ssl - Avaya ERS 2500 Technical Configuration Manual

9. Secure Socket Layer Protocol – SSL
Secure Socket Layer (SSL) deployment provides a secure Web management interface.
The SSL server has the following features:

SSLv3-compliant

PKI key exchange

key size of 1024-bit encryption

RC4 and 3DES cryptography

MAC algorithms MD5 and SHA-1
Generally, an SSL certificate is generated when

The system is powered up for the first time and the NVRAM does not contain a certificate
that can be used to initialize the SSL server.

The management interface (NNCLI and SNMP) requests that a new certificate to be
generated. A certificate cannot be used until the next system reset or SSL server reset.
SSL certificates are issued and signed by a Certificate Authority (CA) such as VeriSign. Because
the management and cost of purchasing a certificate from a CA is a client concern, Avaya issues
and signs the SSL certificate with the understanding that it is not a recognized CA.
The SSL certificate contains the following information. The first three items (Issuer, Start Date,
End Date) are constant. The remaining items are derived from the RSA host key associated with
the certificate. The certificate can be used by issuing the following command.

ERS-Stackable# show ssl certificate
Issuer : Nortel Networks
Start Date : May 26 2003, 00:01:26
End Date : May 24 2033, 23:01:26
SHA1 Finger Print:
a4:a7:a9:1e:db:80:c1:8a:f2:20:d7:b7:fe:11:64:48:c8:9b:82:1d
MD5 Finger Print:
df:58:36:c2:d1:e4:2b:31:b7:d8:83:9d:60:e7:9c:a3
RSA Host Key (length= 1024 bits):
408248c22a17def757363e5b71c8c7dc4b8f755c3b8f442c2c0fd8aed1d9c2fd
601ac6ddc6f636df0864f6ce0845d1aedb9cad0bea6c4f2c582da6adeab2f5b5
ffa604112c04c8c10744568a30eca27934a608e8c13ecaf7c831df28f8f62c3b
0e05b4c1b6a2f06bc918882a6a61f8b68fac5a2d66e6341df24218f807c9d9b1
To enable SSL or disable SSL, simply enter the following command:

ERS-Stackable(config)# ssl

ERS-Stackable(config)# no ssl
Avaya Inc. – External Distribution
avaya.com
45