User manual
& User
AN-80i
Manual
70-00072-01-08b Proprietary Redline Communications © 2009 Page 111 of 128 June 4, 2009
Example: Load SSL certificate and key files for the AN-80i unit with the MAC address 00
09 02 01 C1 9A. The TFTP server address is 192.168.25.1.
192.168.25.2# load file 192.168.25.1 ssl_cert_00-09-02-01-C1-9A.pem
192.168.25.2# load file 192.168.25.1 ssl_key_00-09-02-01-C1-9A.pem
192.168.25.2# reboot
The unit must
be rebooted following any changes (load/del) to the user table files.
Table 51: Security -- SSL Factory and Software Upgrade
Feature Parameters Field Upgrade Factory Installed)
SSL:
Secure
Web
ssl_cert<mac>.pem
ssl_key<mac>.pem
1. Use the default (embedded)
certificate and private key.
--- or ---
2. Use 'load' command to save
externally generated certificate
and key in the user table.
v3.09-PTP/11.20-PMP or
higher:
(1) and (2) as in field
upgrade.
Important: Always use secure transfer and storage when working with
encryption keys and certificates. Store encryption keys and certificate
information in a secure location. It is recommended to use the local Ethernet
port when loading encryption keys and certificates on the AN-80i.
7.3 Security Certificate and Key Files
7.3.1 Runtime Keys and Certificate
The following table lists keys and certificates loaded into runtime settings at reboot. Use
the CLI command 'show files run' to display the runtime settings.
Table 52: Security: Runtime Keys and Certificates
dsa_key_<mac>.pem DSA key used for SSH.
rsa_key_<mac>.pem RSA Key used for SSH.
ssl_cert<mac>.pem SSL X.509 certificate.
ssl_key<mac>.pem SSL RSA key.
fact_wacert_<mac>.der Factory X.509 authority certificate.
fact_wcert_<mac>.der
Factory X.509 certificate.
fact_wkey_<mac>.der Factory RSA key.
usr_wacert_<mac>.der User X.509 authority certificate.
usr_wcert_<mac>.der User X.509 certificate.
usr_wkey_<mac>.der User RSA key.