HTTPS (SSL) for Secure Web; Out-of-Box Operation; Enabling HTTPS (SSL) - Redline RDL-3000 Series User Manual

Universal wireless transport

RDL-3000 FAMILY
6.5 HTTPS (SSL) for Secure Web

HTTPS is an optional purchased feature enabled by the options key. HTTPS uses
authentication and encryption to provide secure access over an unsecured network.
When HTTPS is required, unsecure methods (TELNET and HTTP) should be disabled.

Out-of-Box Operation

HTTPS is disabled by (factory) default and is activated by installing an options key that is
enabled for HTTPS. For out-of-box operation, an embedded certificate is pre-loaded on
the radio. The operator can load a permanent externally generated key.

The embedded certificate is identical for all radios and is intended only for initial
system configuration. Use of the embedded certificate does not provide a secure
solution. It is strongly recommended to load a user-generated unique certificate and
private-public key files before using the HTTPS feature in a production environment.

When using the embedded certificate, warning messages may be displayed based on
browser security (e.g., "The security certificate presented was not issued by a trusted
certificate authority." or "The security certificate presented was issued for a different
website address."). These messages do not interfere with the function and the operator
has full access to the secure Web interface.

Enabling HTTPS (SSL)

HTTPS (SSL) is disabled by (factory) default. Use the following steps to enable HTTPS.

Use Embedded (Temporary) Key

For out-of-box operation, a temporary embedded certificate is loaded on reboot.

1. Use the CLI or Web interface to enable HTTPS:
   Web interface: Configuration screen -> Ethernet: HTTPS Enable
   CLI Command: set https on
2. Save the configuration to activate changes.
3. Verify the radio is accessible using HTTPS, and then use the CLI or Web interface to
   disable HTTP and Telnet.

To access the radio using HTTPS, the URL entered in the Web browser must specify
'https' or directly reference port 443.

Example: To access the radio when HTTPS is enabled (default IP shown):
http://192.168.25.2:443/ (Operator specifies port 443)
https://192.168.25.2/ (Web browser defaults to port 443)

Use Operator Generated (Permanent) Certificate

The operator can load a permanent externally generated key.

1. Use a commercially available tool to create the certificate and key files. A TFTP
   server is required to load the certificate and key files.
   The certificate file must conform to the following:
   - Maximum file size is 1400 bytes
   - Subject must match the access method (e.g., IP or name)
   - Filename must be formatted as follows: ssl_cert_<mac>.pem
   The SSL (RSA) key file must conform to the following:
   - Maximum 2048 bits.
   - Filename must be formatted as follows: ssl_key_<mac>.pem
   The selected tool must create a file that conforms to the following:
   - Maximum key size is 2048 bits
   - Key filename must be in the following format: dsa_key_<mac>.pem
2. Use a TFTP server to load the key file into the radio (option 2 only).

70-00158-03-00 | Proprietary Redline Communications © 2015 | USER MANUAL | Page 163 of 254 | April 17, 2015
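
The certificate and key requirements listed above, as an added example that is not part of the Redline manual: a shell script that creates an RSA key and self-signed certificate with the required filenames and then checks them against the stated limits before they are loaded over TFTP. It assumes OpenSSL as the certificate tool and covers only the ssl_cert_<mac>.pem and ssl_key_<mac>.pem files; the way <mac> is written inside the filename is not specified on this page, so the script passes it through unchanged.

```bash
#!/usr/bin/env bash
# Added example, not Redline tooling. Limits are the ones quoted in the manual.
# Assumptions: OpenSSL is the certificate tool; how <mac> is written inside the
# filename is not given on this page, so it is passed through unchanged.
MAX_CERT_BYTES=1400   # "Maximum file size is 1400 bytes"
MAX_KEY_BITS=2048     # "Maximum 2048 bits"

fail() { echo "FAIL: $*" >&2; }

# make_radio_cert HOST MAC OUTDIR [DAYS]
# HOST is the IP or name typed into the browser; it becomes the subject CN.
make_radio_cert() {
    local host=$1 mac=$2 out=$3 days=${4:-365}
    mkdir -p "$out" || return 1
    ( umask 077   # private key readable by the creating user only
      openssl req -x509 -newkey "rsa:$MAX_KEY_BITS" -nodes -sha256 -days "$days" \
          -subj "/CN=$host" -keyout "$out/ssl_key_$mac.pem" \
          -out "$out/ssl_cert_$mac.pem" 2>/dev/null )
}

# check_radio_cert CERT KEY HOST: returns 0 only if every requirement holds.
check_radio_cert() {
    local cert=$1 key=$2 host=$3 name mac size bits subj
    name=${cert##*/}
    case "$name" in ssl_cert_?*.pem) ;; *) fail "cert name $name"; return 1 ;; esac
    mac=${name#ssl_cert_}; mac=${mac%.pem}
    [ "${key##*/}" = "ssl_key_$mac.pem" ] || { fail "key name ${key##*/}"; return 1; }

    size=$(wc -c < "$cert") || return 1
    [ "$size" -le "$MAX_CERT_BYTES" ] || { fail "cert is $size bytes"; return 1; }

    # 'openssl rsa' also rejects non-RSA keys, matching "SSL (RSA) key file".
    bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
           sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p')
    [ -n "$bits" ] && [ "$bits" -le "$MAX_KEY_BITS" ] || { fail "key bits '$bits'"; return 1; }

    subj=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253) || return 1
    case "$subj" in *"CN=$host"|*"CN=$host,"*) ;; *) fail "subject $subj"; return 1 ;; esac

    # Certificate and key must be a pair, or the TLS handshake will fail.
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] || { fail "key/cert mismatch"; return 1; }
}

# Stand-alone use: ./radio_cert.sh 192.168.25.2 <mac> ./out
if [ "$#" -ge 3 ]; then
    make_radio_cert "$1" "$2" "$3" &&
        check_radio_cert "$3/ssl_cert_$2.pem" "$3/ssl_key_$2.pem" "$1" && echo OK
fi
```

With a 2048-bit key and a CN-only subject the certificate PEM is a little over 1.1 KB, so longer subjects or added extensions can push it past the 1400-byte limit. The page does not state which PEM key encoding the radio expects; current OpenSSL releases write PKCS#8 (`BEGIN PRIVATE KEY`) from this command.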
