User manual

E/OS Command Line Interface User Manual
The purpose for generating new keys is to improve the security of the
SSL connections in case the private key has been compromised. This
is considered to be unlikely, but the generation of new keys is usually
performed periodically as a matter of security policy.
Once a new certificate and private key are generated, users will see a
message upon SSL connection that indicates that the new certificate is
unrecognized. You can then choose to accept or reject the connection.
The web browser warning message typically provides an MD5 or
SHA-1 fingerprint that allows the user to verify the connection before
continuing.
If you choose, you can manually verify the fingerprint shown by the
web browser by comparing it with the fingerprint provided at the
end of the output of the config.security.ssl.show command.
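The comparison described above can be scripted instead of done by eye. The following is an added example, not part of the E/OS manual or product: it hashes the DER-encoded certificate and compares it with a fingerprint string copied from the CLI output or the browser warning, tolerating colons, spaces and letter case. The function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl

# Hex digest length -> hashlib algorithm, for the two digests the manual names.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1"}


def normalize(fingerprint: str) -> str:
    """Strip separators and case from a fingerprint as displayed to a user."""
    cleaned = fingerprint.strip().lower()
    for sep in (":", " ", "-"):
        cleaned = cleaned.replace(sep, "")
    if not cleaned or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned


def cert_fingerprint(der: bytes, algo: str) -> str:
    """Hex digest over the DER-encoded certificate."""
    return hashlib.new(algo, der).hexdigest()


def fingerprint_matches(der: bytes, displayed: str) -> bool:
    """Compare a certificate against a displayed MD5 or SHA-1 fingerprint."""
    wanted = normalize(displayed)
    algo = ALGO_BY_HEX_LEN.get(len(wanted))
    if algo is None:
        raise ValueError("expected 32 (MD5) or 40 (SHA-1) hex digits")
    return hmac.compare_digest(cert_fingerprint(der, algo), wanted)


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the certificate a server presents, without trusting it yet."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


# Constructed stand-in for DER certificate bytes so the demo runs offline.
SAMPLE_DER = bytes(range(256)) * 3

if __name__ == "__main__":
    sha1 = cert_fingerprint(SAMPLE_DER, "sha1").upper()
    shown = ":".join(sha1[i:i + 2] for i in range(0, 40, 2))  # colon-separated
    print(shown, fingerprint_matches(SAMPLE_DER, shown))
```

Against a real device, pass the result of `fetch_der()` in place of `SAMPLE_DER` and paste the fingerprint from the `config.security.ssl.show` output as the second argument.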
The web browser will display another warning upon expiration of
the certificate. At this point, you can either choose to continue or
cancel, despite the expiry date.
NOTE: The generation of the certificate and private key can be CPU
intensive; therefore it is recommended that this be performed outside of peak
hours.
Parameters This command has one parameter:
validDays The validity of the key in days. Valid values are 30
to 3650 days. This value should be selected as part
of a security policy. The certificate and private key
should be regenerated before this date expires.
Command Example
Root> config security ssl generateKeys 50
config.security.ssl.resetKeys
Syntax resetKeys
Purpose This command resets the SSL public certificate and private
encryption key to factory default values. For the next SSL connection,
a new certificate and private key will be created. The new certificate
will be valid for one year. The web browser will display a notification
when the certificate expires. At this point, you can either choose to
continue or cancel, despite the expiry date.