User's Manual
DragonWave Inc.
112
Horizon Compact Plus Release 1.0.1 Wireless Ethernet Product User Manual – Volume 2
17.6.1 What is SSL?
SSL stands for Secure Sockets Layer. The SSL protocol, developed by Netscape, is supported by all
popular Web browsers such as Internet Explorer, Netscape, AOL and Opera. An SSL certificate, issued
by a Certification Authority (CA), must be installed on the Web server in order for SSL to work. SSL can
then be used to encrypt the data transmitted (secure SSL transactions) between a browser and Web
server. Browsers indicate an SSL secured session is active by changing the URL from http to https and
by displaying a small padlock in the bottom toolbar.
SSL works as follows:
1. A browser requests a secure page (usually through the https:// format within the URL).
2. The Web server sends its public key with its certificate.
3. The browser checks that the certificate was issued by a trusted party (usually a trusted root
Certificate Authority), that the certificate is still valid and that the certificate is related to the site
contacted. The browser keeps a list of trusted Certificate Authorities. New CA's may be
added to the browser by the user.
4. The browser then uses the public key, to encrypt a random symmetric encryption key and
sends it to the server with the encrypted URL required as well as other encrypted http data.
5. The Web server decrypts the symmetric encryption key using its private key and uses the
symmetric key to decrypt the URL and http data.
6. The Web server sends back the requested html document and http data encrypted with the
symmetric key.
7. The browser decrypts the http data and html document using the symmetric key and displays
the information.
17.6.2 Generating a Certificate
In order to generate a valid SSL certificate on the Horizon Compact Plus, the user must be logged in as
the Super User, and the system time must be accurate. The SSL certificate is tied to the Horizon
Compact Plus's IP address. If the IP address is changed, then the SSL certificate should be regenerated.
Otherwise the browser SSL session will allow access but it will report that the certificate is invalid. In this
situation, it is the browser user's responsibility to verify that the proper Horizon Compact Plus is being
accessed and that the invalid certificate is due to an IP address change. Note, the underlying SSL
connection between the browser and the Horizon Compact Plus is still encrypted.
Procedure 17-5
Generate SSL Certificate on the Horizon Compact Plus
Perform this procedure to generate an SSL certificate on the Horizon Compact Plus.
Note: To perform this procedure, you must have Super User rights.
Required Action
Steps
login
Log in as the Super User.