Installing a Server or Client Certificate for an HTTPS Cluster
Equalizer Installation and Administration Guide 179
5. If your Equalizer has an Xcel SSL Accelerator Card installed, a check box labelled use secure
key storage will appear at the top of the install SSL certificate screen. If you do not have an
Xcel Card, then this option will not appear on the screen.
Checking this box tells Equalizer to store your private key in write-only memory on the Xcel
card so that no one can access it. For more information, see the section “Using Certificates
with the Xcel SSL Accelerator Card” on page 180.
6. If you are installing a server certificate, leave the cluster radio button selected; if you are
installing a client certificate, make sure that the client radio button is selected.
7. Enter the full path name of the certificate file (or click Browse to select the file). Click upload
to install the certificate on Equalizer. You’ll be prompted for a password, which is the password
(PEM pass phrase) you provided when you generated the CSR for the certificate (or created the
self-signed certificate).
Note: Uploading the certificate can fail for a number of reasons. If the x509 verify cluster flag
is enabled, Equalizer will attempt to verify that the certificate is compliant with the X.509
standard. Certain self-signed or chained certificates will not pass this verification. If you have
trouble uploading your certificate, you may need to start this procedure again and, in Step 3,
disable x509 verify (and commit the change) before proceeding.
8. After the upload is complete, select menu > Manage SSL Certificates again to verify the
certificate details displayed in the Install SSL certificate screen. The screen should now show
the certificate details, as in the example below. In this example, a file containing a server

Caution – If you do not check the use secure key storage box described in Step 5 (or you do
not have an Xcel card), your key is kept on Equalizer (in the directory /var/eq/ssl) and will
be accessible to anyone who can log into Equalizer. It is therefore essential that you restrict
the ability of non-authorized personnel to access Equalizer, since any user can log in and
copy or remove your private key. All Equalizer logins should be password protected with
non-trivial passwords to restrict access to your private keys, and passwords should be given
only to trusted personnel.
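
The pre-upload check below is an added example, not part of the Equalizer guide or its software. It inspects a PEM file before Step 7 and flags the two conditions this page raises: a chained file that may not pass x509 verify, and a private key with no PEM pass phrase. The function name inspect_pem and the sample data are constructed for illustration; the check reads PEM block labels only, so it does not detect self-signed certificates.

```python
import re

# One PEM block: BEGIN line, body, and the END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_pem(text):
    """Count certificates and classify private keys in PEM text."""
    certs, keys, warnings = 0, [], []
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label == "ENCRYPTED PRIVATE KEY":
            keys.append("encrypted")   # PKCS#8 encrypted key
        elif label.endswith("PRIVATE KEY"):
            # Traditional OpenSSL keys mark encryption in a header line.
            encrypted = "Proc-Type: 4,ENCRYPTED" in body
            keys.append("encrypted" if encrypted else "plaintext")
    if certs == 0:
        warnings.append("no CERTIFICATE block found")
    if certs > 1:
        warnings.append(
            "%d certificates (chained file): may fail x509 verify" % certs)
    if "plaintext" in keys:
        warnings.append("private key has no pass phrase")
    return {"certificates": certs, "keys": keys, "warnings": warnings}

# Constructed sample input: bodies are placeholders, not real key material.
FAKE = "Q09OU1RSVUNURUQ=\n"

def block(label, body=FAKE):
    """Build a PEM-shaped block with the given label (sample data only)."""
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, body, label)

ENC_HEADER = ("Proc-Type: 4,ENCRYPTED\n"
              "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n")
SAMPLE_OK = block("RSA PRIVATE KEY", ENC_HEADER + FAKE) + block("CERTIFICATE")
SAMPLE_RISKY = block("RSA PRIVATE KEY") + block("CERTIFICATE") * 2

if __name__ == "__main__":
    for name, pem in (("ok", SAMPLE_OK), ("risky", SAMPLE_RISKY)):
        print(name, inspect_pem(pem))
```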