Configuring Ssl On A Serveriron Adx; Obtaining A Serveriron Adx Keypair File - Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual

6

Configuring SSL on a ServerIron ADX

Configuring SSL on a ServerIron ADX
When configuring a ServerIron ADX for either SSL Termination mode or SSL Proxy mode, you must
perform each of the following configuration tasks:
•
•
•
•
•
•
•

Obtaining a ServerIron ADX keypair file

The keypair file specifies the location for retrieving the SSL asymmetric key pair, during an SSL
handshake. You can either generate an RSA keypair file on a ServerIron ADX or import a
pre-existing key pair, using secure copy (SCP).The key pair is stored in the flash memory and is not
deleted during a power cycle.
To generate an RSA keypair file, enter the following command.
ServerIronADX# ssl genrsa rsakey-file 1024 mypassword
Syntax: ssl genrsa <file-name> <key-strength> <password>
The <file-name> variable specifies the name of the keypair file. The file name can be up to 24
characters in length. The file name supports special characters like '-',' _', '$', ", '%', '&', and '!'. It
does not support spaces and '/' characters.
The <key-strength> variable specifies the Key strength (number of bits) for the RSA key pair. The
RSA key strength should be 512, 768, 1024 or 2048.
NOTE
The ServerIron ADX does not support key strength greater than 2048 bits.
The <password> variable specifies the password to the file. The length of password should not
exceed 64 characters.
140
Obtain a Keypair File – This section describes how to obtain an SSL asymmetic key pair. You
can generate an RSA key pair or import an existing key pair. See
keypair file" on page 140.
Certificate Management – This section describes various methods for obtaining a digital
certificate and the methods for importing Keys and Certificates. See
on page 141.
Basic SSL Profile Configuration – This section describes how to perform the minimum SSL
profile configuration. See
Advanced SSL Profile Configuration – This section describes additional SSL profile
configuration parameters. See
Configure Real and Virtual Servers for SSL Termination and Proxy Mode – This section
describes the configuration details required to configure the Real and Virtual servers for SSL
on a ServerIron ADX. See
Mode" on page 172.
Configuring Other Protocols with SSL– This section describes how to configure other popular
protocols such as LDAPS, POP3S and IMAPS with SSL acceleration. See
supported for SSL" on page 184
Configure System Max Values – This section describes how to configure system max values for
SSLv2 connection rate and memory limit for SSL hardware buffers. See
system max values" on page 185.
"Basic SSL profile configuration"
"Advanced SSL profile configuration"
"Configuring Real and Virtual Servers for SSL Termination and Proxy
"Obtaining a ServerIron ADX
"Certificate management"
on page 164.
on page 166.
"Other protocols
"Configuring the
ServerIron ADX Security Guide
53-1002440-03