Configuration Examples for SSL Termination and Proxy Modes; Configuring SSL Termination Mode - Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual

Version 12.4.00a

Configuration Examples for SSL Termination and Proxy Modes

This section describes the procedures required to perform the configurations described in "SSL Termination Mode" on page 137 and "SSL Proxy Mode" on page 138. As shown in the examples there, SSL Termination mode provides for an SSL connection between clients and the ServerIron ADX. When configuring SSL Proxy Mode, a configuration is created between the ServerIron ADX and the server. In this case, the ServerIron ADX is configured as a client to the server.

Configuring SSL Termination Mode

To enable VRRPE for a VIP address in this mode, you must use a different source-nat-ip for SSL traffic. Use the following syntax:

Syntax: server source-nat-ip <ip> <mask> <gateway> port-range <range>

To configure SSL in termination mode, perform the following tasks in sequence:
1. Generate or obtain an RSA key pair and copy it to the ServerIron ADX.
2. Obtain a digital certificate and copy it to the ServerIron ADX.
3. Create an SSL profile as described in "Allowing Self Signed Certificates" on page 169.
4. Within the SSL profile, specify a keypair file as described in "Specifying a keypair file" on page 165.
5. Within the SSL profile, specify a digital certificate file as described in "Specifying a certificate file" on page 166.
6. Within the SSL profile, select a cipher suite as described in "Specifying a cipher suite" on page 165. This is optional.
7. Configure real and virtual servers as described in "Configuring Real and Virtual Servers for SSL Termination Mode" on page 173.

Example

Generate an RSA key pair:

ServerIronADX# ssl genrsa rsakey-file 1024 mypassword

Generate a self-signed digital certificate:

ServerIronADX# ssl gencert certkey rsakey-file signkey rsakey-file mypassword mycert
You are about to be asked to enter information that will be incorporated into
your certificate request. What you are about to enter is what is called a
Distinguished Name or a DN.
Country name (2 letter code) [US] US
State or province (full name) [California] California
Locality name (city) [city]San Jose
Organization name (Company name) [Brocade] Brocade
Organizational unit name (department) [Web administration] Web Administration
Common name (your domain name) [www.brocade.com] www.brocade.com
Email address [webadmin@brocade.com] webadmin@brocade.com
transfer_ssl_object_buf_to_bp : The object buffer length is 492
transfer_ssl_object_buf_to_bp: The message length is 622

ServerIron ADX Security Guide
53-1002440-03
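Steps 1 and 2 allow the key pair and certificate to be obtained off the device and copied over. The following added example (not from the Brocade manual) does this with OpenSSL on an administrator workstation, using a 2048-bit key instead of the 1024 bits in the manual's example, and checks that the certificate matches the key before anything is copied. The file names adx.key and adx.crt, the KEY_PASS environment variable, and the assumption that the device accepts the resulting files are not from the manual.

```bash
#!/usr/bin/env bash
# Added example, not from the manual. Assumed names: adx.key, adx.crt, KEY_PASS.

# Subject fields copied from the answers in the manual's `ssl gencert` session.
SUBJ="/C=US/ST=California/L=San Jose/O=Brocade/OU=Web Administration"
SUBJ="$SUBJ/CN=www.brocade.com/emailAddress=webadmin@brocade.com"

# make_pair DIR: write DIR/adx.key (AES-256 encrypted) and DIR/adx.crt.
# The passphrase comes from the exported $KEY_PASS, so it never appears in argv.
make_pair() {
  local dir="$1"
  ( umask 077   # private key file readable by its owner only
    openssl genrsa -aes256 -passout env:KEY_PASS -out "$dir/adx.key" 2048
  ) 2>/dev/null || return 1
  openssl req -new -x509 -sha256 -days 365 -subj "$SUBJ" \
    -key "$dir/adx.key" -passin env:KEY_PASS -out "$dir/adx.crt" 2>/dev/null
}

# cert_bits CERT: print the size in bits of the certificate's public key.
cert_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# pair_ok KEY CERT [MIN_BITS]: succeed only if the key file is encrypted,
# the certificate carries the same RSA modulus as the key, and the key is
# at least MIN_BITS long (default 2048).
pair_ok() {
  local key="$1" cert="$2" min="${3:-2048}" km cm bits
  grep -q ENCRYPTED "$key" || { echo "key is stored unencrypted" >&2; return 1; }
  km=$(openssl rsa -in "$key" -passin env:KEY_PASS -noout -modulus 2>/dev/null) || return 1
  cm=$(openssl x509 -in "$cert" -noout -modulus) || return 1
  [ "$km" = "$cm" ] || { echo "certificate does not match key" >&2; return 1; }
  bits=$(cert_bits "$cert")
  [ "${bits:-0}" -ge "$min" ] || { echo "key too short: ${bits:-?} bits" >&2; return 1; }
}

# Stand-alone use: KEY_PASS=... ./script.sh --demo [DIR]
if [ "${1:-}" = "--demo" ]; then
  export KEY_PASS
  make_pair "${2:-.}" && pair_ok "${2:-.}/adx.key" "${2:-.}/adx.crt" && echo "pair OK"
fi
```

Running `pair_ok` against a certificate received from a CA catches a certificate issued for a different key before the mismatch shows up as a failed SSL profile on the device.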
