Manualshelf

HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)

ManualsBrandsHP ManualsComputer AccessoriesHP 8/40 SAN Switch 8-port Upgrade E-LTU
919293949596979899100
94 Configuring standard security features
Configuring for the SSL protocol
Fabric OS v4.4.0 and later supports Secure Sockets Layer (SSL) protocol, which provides secure access to
a fabric through Web-based management tools like Web Tools. SSL support is a standard Fabric OS
feature; it is independent of Secure Fabric OS, which requires a license and separate certification.
Switches configured for SSL grant access to management tools through hypertext transfer protocol-secure
links (which begin with
https://
) instead of standard links (which begin with
http://
).
SSL uses Public Key Infrastructure (PKI) encryption to protect data transferred over SSL connections. PKI is
based on digital certificates obtained from an Internet Certificate Authority (CA), which acts as the trusted
key agent.
Certificates are based on the switch IP address or Fully Qualified Domain Name (FQDN), depending on
the issuing CA. If you change a switch IP address or FQDN after activating an associated certificate, you
might have to obtain and install a new certificate. Check with the CA to verify this possibility, and plan
these types of changes accordingly.
Browser and Java support
Fabric OS supports the following Web browsers for SSL connections:
Internet Explorer (Microsoft Windows)
Mozilla (Solaris and Red Hat Linux)
In countries that allow the use of 128-bit encryption, you should use the latest version of your browser. For
example, Internet Explorer 6.0 and later supports 128-bit encryption by default. You can display the
encryption support (called “cipher strength”) using the Internet Explorer Help:About menu option. If you
are running an earlier version of Internet Explorer, you might be able to download an encryption patch
from the Microsoft Web site at http://www.microsoft.com
.
You should upgrade to the Java 1.4.2_03 Plug-in on your management workstation. To find the Java
version that is currently running, open the Java console and look at the first line of the window.
For more details on levels of browser and Java support, refer to the
Web Tools Administrator’s Guide
.
Summary of SSL procedures
You configure for SSL by obtaining, installing, and activating digital certificates for SSL support.
Certificates are required on all switches that are to be accessed through SSL.
You also need to install a certificate to the Java Plug-in on the management workstation, and you might
need to add a certificate to your Web browser.
Configuring for SSL involves these major steps, which are shown in detail in the next sections:
1. Choose a CA.
2. On each switch:
a. Generate a public/private key (secCertUtil genkey command).
b. Generate a certificate signing request (CSR) (secCertUtil gencsr command) and store the
CSR on an FTP server (secCertUtil export command).
512 TC P e xe c
513 TC P l o g i n
514 TC P s h e l l
897 TCP
This port is used by the Platform API.
Disable this port using the
configure command.
Table 21 Port information
Port Type Common use Comment