Configuration Guide User guide

138 FastIron Configuration Guide
53-1002494-02
SSL security for the Web Management Interface
Support for SSL digital certificates larger than 2048 bits
Brocade devices have the ability to store and retrieve SSL digital certificates that are up to 4000
bits in size.
Support for SSL certificates larger than 2048 bits is automatically enabled. You do not need to
perform any configuration procedures to enable it.
Importing digital certificates and RSA private key files
To allow a client to communicate with a Brocade device over an SSL connection, you configure a set
of digital certificates and RSA public-private key pairs on the device. A digital certificate is used
for identifying the connecting client to the server. It contains information about the issuing
Certificate Authority, as well as a public key. You can either import digital certificates and private
keys from a server, or you can allow the Brocade device to create them.
If you want to allow the Brocade device to create the digital certificates, refer to the next section,
“Generating an SSL certificate”. If you choose to import an RSA certificate and private key file from
a client, you can use TFTP to transfer the files.
For example, to import a digital certificate using TFTP, enter a command such as the following.
Brocade(config)#ip ssl certificate-data-file tftp 192.168.9.210 certfile
Syntax: [no] ip ssl certificate-data-file tftp <ip-addr> <certificate-filename>
NOTE
The digital certificate can be up to 4096 bits. Refer to “Support for SSL digital certificates larger than
2048 bits” on page 138.
To import an RSA private key from a client using TFTP, enter a command such as the following.
Brocade(config)#ip ssl private-key-file tftp 192.168.9.210 keyfile
Syntax: [no] ip ssl private-key-file tftp <ip-addr> <key-filename>
The <ip-addr> is the IP address of a TFTP server that contains the digital certificate or private key.
NOTE
The RSA key can be up to 4096 bits.
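Because TFTP carries the key file in cleartext and the device only states an upper size limit, it is worth checking the key before it is placed on the TFTP server. The following script is an added example and is not part of the FastIron guide or Brocade's software: it reads a PEM private key (PKCS#1 "RSA PRIVATE KEY" or PKCS#8 "PRIVATE KEY") with a minimal stdlib DER parser, reports the RSA modulus size and rejects anything over the 4096-bit limit the guide states. The `constructed_*` helpers build structurally valid but placeholder keys purely so the check can be exercised offline; they are not real keys and the integers in them are not usable RSA parameters.

```python
"""Pre-import size check for an RSA private key destined for a Brocade device.

Added example, not from the FastIron guide. The guide states the RSA key may be
up to 4096 bits; this script parses a PEM private key and refuses larger keys
before the file is staged on the TFTP server used by `ip ssl private-key-file`.
"""
import base64
import re
import sys

MAX_KEY_BITS = 4096  # limit stated in the guide


def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: 0x8N then N bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _der_children(seq_body):
    """Yield (tag, value) for each element inside a SEQUENCE body."""
    pos = 0
    while pos < len(seq_body):
        tag, value, pos = _read_tlv(seq_body, pos)
        yield tag, value


def pem_to_der(pem_text):
    """Strip the PEM armour and base64-decode the body; return (label, der_bytes)."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("not a PEM block")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))


def rsa_modulus_bits(pem_text):
    """Return the bit length of the modulus n from a PKCS#1 or PKCS#8 RSA private key."""
    label, der = pem_to_der(pem_text)
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected outer SEQUENCE")
    fields = list(_der_children(body))
    if label == "PRIVATE KEY":
        # PKCS#8: version, AlgorithmIdentifier, OCTET STRING wrapping the PKCS#1 key
        if len(fields) < 3 or fields[2][0] != 0x04:
            raise ValueError("malformed PKCS#8 key")
        _, inner, _ = _read_tlv(fields[2][1], 0)
        fields = list(_der_children(inner))
    elif label != "RSA PRIVATE KEY":
        raise ValueError("unsupported PEM label: " + label)
    # PKCS#1 RSAPrivateKey: version, modulus n, publicExponent e, d, p, q, dP, dQ, qInv
    if len(fields) < 2 or fields[1][0] != 0x02:
        raise ValueError("malformed RSAPrivateKey")
    return int.from_bytes(fields[1][1], "big").bit_length()


def check_key_for_import(pem_text, max_bits=MAX_KEY_BITS):
    """Return (ok, bits); ok is False when the modulus exceeds the device limit."""
    bits = rsa_modulus_bits(pem_text)
    return bits <= max_bits, bits


# --- constructed sample keys (placeholders for demonstration, NOT real keys) ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _der_int(n):
    b = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:                        # keep the INTEGER positive
        b = b"\x00" + b
    return b"\x02" + _der_len(len(b)) + b


def _der_seq(*items):
    body = b"".join(items)
    return b"\x30" + _der_len(len(body)) + body


def _pem(label, der):
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def constructed_pkcs1_pem(bits):
    """Structurally valid RSAPrivateKey whose modulus has `bits` bits (placeholder values)."""
    n = (1 << (bits - 1)) | 1
    fields = [0, n, 65537] + [1] * 6       # version, n, e, then d,p,q,dP,dQ,qInv as dummies
    return _pem("RSA PRIVATE KEY", _der_seq(*(_der_int(f) for f in fields)))


def constructed_pkcs8_pem(bits):
    """Same placeholder key wrapped in PKCS#8 (rsaEncryption OID 1.2.840.113549.1.1.1)."""
    _, pkcs1 = pem_to_der(constructed_pkcs1_pem(bits))
    alg = _der_seq(bytes.fromhex("06092a864886f70d010101"), b"\x05\x00")
    return _pem("PRIVATE KEY", _der_seq(_der_int(0), alg,
                                        b"\x04" + _der_len(len(pkcs1)) + pkcs1))


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else constructed_pkcs1_pem(2048)
    ok, bits = check_key_for_import(text)
    print(f"{bits}-bit RSA modulus: {'OK for import' if ok else 'too large'}")
```

Run it with the path of the key file as the only argument; with no argument it checks a constructed 2048-bit placeholder. The parser walks only the outer SEQUENCE and the modulus INTEGER, so it does not validate the remaining private parameters; use it as a size gate, not as a substitute for verifying that the key matches the certificate you import.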
Generating an SSL certificate
After you have imported the digital certificate, the SSL certificate should be generated automatically.
If the certificate is not generated automatically, enter the following command to generate it.
Brocade(config)#crypto-ssl certificate generate
Syntax: [no] crypto-ssl certificate generate
If you did not already import a digital certificate from a client, the device can create a default
certificate. To do this, enter the following command.
Brocade(config)#crypto-ssl certificate generate default_cert
Syntax: [no] crypto-ssl certificate generate default_cert