Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
11121314151617181920
4 ServerIron ADX Graphical User Interface Guide
53-1002412-01
Setting up secure web access
1
For more information about configuring the management port, refer to the ServerIron ADX
Administration Guide.
Enabling the web interface
To access the web interface, the web management, HTTP, and Simple Object Access Protocol
(SOAP) services must be enabled in the device. These services are enabled by default.
If these services are not enabled, you can connect to the device using the configured IP address in
the CLI.
To enable the web management, HTTP, and SOAP services in the device, enter the following
commands in the CLI using the configuration mode:
ServerIronADX# web-management enable
ServerIronADX# web-management http
ServerIronADX# web-management soap-service
Setting up secure web access
The ADX device uses the Secure Socket Layer (SSL) protocol to provide secure management
through the web interface. You can set up secure web access (HTTPS) with an SSL server
certificate. The SSL protocol uses the digital certificate and a public-private key pair to establish a
secure connection to the ADX device. The digital certificate serves to prove the identity of
participating entities, while the public-private key pair encrypts or decrypts the data that is sent
between these participants.
When you access the device through HTTPS, the client and server begin their communication with
an SSL handshake. This process initiates the creation of an encrypted connection. If the
handshake does not match or your certificate has expired, the connection will not be created.
A variety of cryptographic algorithms are supported by SSL. During the "handshaking" process, the
DSA public-key cryptosystem is used. After the exchange of keys, a number of ciphers are used that
include RC4 and triple-DES for data encryption, and the SHA-1 and MD5 digest algorithm for
message authentication.
To enable secure access on the device, you must generate an SSL certificate and enable HTTPS on
the device. You can generate the SSL digital certificates and private key files from the web interface
or from the CLI. To generate a self-signed SSL certificates and private key files from the web
interface, refer to “Generating self-signed certificates” on page 107.
Generating SSL certificates
The SSL digital certificate and private key can either be imported from an external device or
self-generated by the ADX device.
Importing SSL digital certificates and private key files from CLI
To import a digital certificate from the Trivial File Transfer Protocol (TFTP) server, enter the following
command.
ServerIronADX(config)# ip ssl certificate-data-file tftp <ip address>
<certificate file-name>