HP Cisco MDS 9020 Cisco MDS 9000 Family Storage Media Encryption Configuration - Page 247
Provisioning Self-Sign Certificates, Configuring SSL for Cisco SME
View all HP Cisco MDS 9020 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 247 highlights
Send documentation comments to [email protected] C A P P E N D I X Provisioning Self-Sign Certificates The Secure Socket Layer (SSL) protocol secures the network communication and allows data to be encrypted before transmission and provides security. Many application servers and Web servers support the use of keystores for SSL configuration. This appendix also includes information on how to select the RSA Key Manager. This appendix includes the following sections: • Configuring SSL for Cisco SME, page C-1 • Generating and Installing Self-Signed Certificates, page C-4 • Editing SSL Settings in Cisco Fabric Manager Web Client, page C-6 Configuring SSL for Cisco SME A certificate is an electronic document that you use to identify a server, a company, or some other entity and to associate that identity with a public key. Certificate authority (CA) are entities that validate identities and issue certificates. The certificate that the CA issues binds a particular public key to the name of the entity that the certificate identifies (such as the name of a server or device). Only the public key that the certificate certifies works with the corresponding private key that is possessed by the entity that the certificate identifies. Certificates help prevent the use of fake public keys for impersonation. You must install a third-party tool such as the OpenSSL application to generate a certificate request. In Windows, by default, openssl.exe is located at c:\openssl\bin. Before configuring the SSL, consider the following: • Ensure that the time in all the switches, Fabric Manager server and the system running the OpenSSL commands, are all synchronized. • Provide different identities for the CA certificate and KMC certificate. • Only JRE1.6 JAVA keytool is supported for importing PKCS12 certificates to Java Keystores (JKS) files. This section describes the following topics: • Creating CA Certificates, page C-2 • Generating KMC Certificate, page C-4 OL-18091-01, Cisco MDS NX-OS Release 4.x Cisco MDS 9000 Family Storage Media Encryption Configuration Guide C-1