
AN-80i User Manual
70-00072-01-10 Proprietary Redline Communications © 2011 Page 123 of 152 March 2, 2011
dsa_key.pem size=672 md5=fa9bd7a1f465fd7e9fed30150b0608c4
192.168.25.2#
192.168.25.2# reboot
SSH Key Generate Utility
Use the command 'generate sshkey dsa' to create a DSA key and save this file in the
user (usr) table. This key file will be persistent through reboots. After executing the
generate command, the AN-80i must be rebooted to activate the new key.
Example: Generate a new DSA key file.
192.168.25.2# generate sshkey dsa
192.168.25.2# reboot
8.2.5 HTTPS (SSL) for Secure Web
HTTPS (SSL) is a standard feature on all AN-80i systems. HTTPS uses authentication
and encryption to provide secure access over an unsecured network. When HTTPS is
required, HTTP (unsecured access) should be disabled.
Out-of-Box Operation
The AN-80i provides out-of-box HTTPS (SSL) using an embedded X.509 certificate. The
embedded certificate is identical for all shipped AN-80i equipment and is intended only
for initial system configuration. Use of the embedded certificate does not provide a
secure solution.
When using the embedded certificate, warning messages may be displayed based on
browser security settings (e.g., 'The security certificate presented was not issued by a
trusted certificate authority. The security certificate presented was issued for a
different website address.'). The operator has full access to the secure Web interface.
It is recommended that system operators generate a unique certificate and private-public
keys, and load these on the AN-80i before using the HTTPS feature in a production
environment.
Enable HTTPS/SSL
HTTPS is disabled by (factory) default. Use the Web interface or CLI to enable HTTPS:
Web interface: Configuration screen -> Ethernet: HTTPS Enable
Command: set https on
Save the configuration to activate changes.
To access the AN-80i using HTTPS, the URL entered in the Web browser must specify
'https' or directly reference port 443.
Example: To access the AN-80i when HTTPS is enabled (default IP shown):
https://192.168.25.2/ (Web browser automatically redirects to port 443)
http://192.168.25.2:443/ (Operator specifies port 443)
Loading HTTPS (SSL) Certificate and Key Files
Use the following steps to load user-generated X.509 certificate and key files:
1. Use a commercially available tool to create the required certificate and key files.
   The X.509 certificate file must conform to the following:
      Maximum file size is 1400 bytes
      Subject must match the access method (e.g., IP or name)
      Filename must be formatted as follows:
         ssl_cert_<mac>.pem
   The SSL (RSA) key file must conform to the following: