Specifications
The CLI Command Interface Nur für den internen Gebrauch
A31003-H3580-M103-2-76A9, 01-2009
D-12 HiPath 3000/5000 V8 - HG 1500 V8, Administrator Documentation
hg-d.fm
Security commands
D.6 Security commands
This includes commands for the initial configuration of SSL functions and for enabling and dis-
abling the IPsec function.
D.6.1 SSL Functions
The initial configuration is performed on site via the V.24 interface.
Enabling and disabling SSL
The following two commands are used for enabling and disabling the SSL function:
enable ssl
disable ssl
Configuring SSL
A self-signed server certificate (for each gateway) is generated with the following command:
create ssl certificate
<cert.name><ser.num><subj.name><val.from><val.till>[<sig.alg>
[<pub.key alg>[<pub.key len>[<alt.name>[<CRL distr. point>]]]]]
This means:
<cert.name> certificate name
<ser.num> serial number of the certificate
<subj.name>subject name in the format "C=<country>, O=<organization>,
OU=<use>, CN=<name>"“, where <country>should be specified with two letters,
for example, EN.
<val.from> beginning of the certificate validity period in the format YYYY/MM/DD/HH:MM:SS
<val.till> end of the certificate validity period in the format YYYY/MM/DD/HH:MM:SS
All time entries refer to GMT.
Optional parameters:
<sig.alg> signature algorithm type in the format DSA_WITH_SHA1 or MD5_WITH_RSA or
SHA1_WITH_RSA
<pub.key alg> official key algorithm type in the format DSA or RSA
<pub.key len> length of the official key in the format 768, 1024, 1536 or 2048
<alt.name> alternative subject name in the format "C=<country>, O=<organization>,
>
Telnet and TFTP are disabled when the SSL function is enabled. The respective Tel-
net and TFTP functions are only available again when SSL is disabled.