Installation guide
3 – Planning
Fabric Security
59042-08 A 3-13
0
3.6.1
Connection Security
Connection security provides an encrypted data path for switch management
methods. The switch supports the Secure Shell (SSH) protocol for the command
line interface and the Secure Socket Layer (SSL) protocol for management
applications such as SANsurfer Switch Manager and Common Information
Module (CIM).
The SSL handshake process between the workstation and the switch involves the
exchanging of certificates. These certificates contain the public and private keys
that define the encryption. When the SSL service is enabled, a certificate is
automatically created on the switch. The workstation validates the switch
certificate by comparing the workstation date and time to the switch certificate
creation date and time. For this reason, it is important to snychronize the
workstation and switch with the same date, time, and time zone. The switch
certificate is valid 24 hours before its creation date and 365 days after its creation
date. If the certificate should become invalid, refer to the “Create Command” on
page B-19 for information about creating a certificate.
Consider your requirements for connection security: for the command line
interface (SSH), management applications such as SANsurfer Switch Manager
(SSL), or both. If SSL connection security is required, also consider using the
Network Time Protocol (NTP) to synchronize workstations and switches.
Refer to System keyword of the “Set Setup Command” on page B-77 for
information about enabling the NTP client on the switch and configuring the
NTP server.
Refer to the “Set Command” on page B-58 for information about setting the
time zone.