User manual
AN-80i User Manual
70-00072-01-10 Proprietary Redline Communications © 2011 Page 130 of 152 March 2, 2011
Out-of-box Operation
Out-of-box, HTTPS access does not meet the security standards for FIPS security mode
(the embedded certificate and key are identical for all units). Each AN-80i system that is
to use HTTPS in FIPS mode must meet the following requirements:
1. AN-80i software with FIPS support is loaded and operational.
2. FIPS mode must be active (see FIPS Mode Out-of-Box Operation).
3. X.509 certificate and key files for HTTPS (SSL) must be loaded in the FIPS table.
It is recommended to use the local Ethernet port when transferring encryption keys and
certificates to the AN-80i.
Loading HTTPS (SSL) Certificate and Key Files
Use the following steps to load user-generated X.509 certificate and key files:
1. Use a commercially available tool to create the required certificate and key files.
   The X.509 certificate file must conform to the following:
   - Maximum file size is 1400 bytes.
   - Subject must match the access method (e.g., IP or name).
   - Filename must be formatted as follows: ssl_cert_<mac>.pem
   The SSL (RSA) key file must conform to the following:
   - Maximum 2048 bits.
   - Filename must be formatted as follows: ssl_key_<mac>.pem
2. Copy the key files to the default directory on a TFTP (or SFTP) server.
3. Use the CLI 'load' command to load the RSA key and certificate.
4. Use the command 'show files fips' to verify the files have been successfully loaded.
5. Reboot the AN-80i to activate changes to the key files. HTTPS will be available after
the system reboot is completed.
Example
Load HTTPS (SSL) key and certificate files from the TFTP server at 192.168.25.1 to the AN-80i
having MAC address 00 09 02 01 C1 9A.
192.168.25.2# load file 192.168.25.1 ssl_cert_00-09-02-01-C1-9A.pem fips tftp
192.168.25.2# load file 192.168.25.1 ssl_key_00-09-02-01-C1-9A.pem fips tftp
192.168.25.2# show files fips
dsa_key.pem size=672 md5=fa9bd7a1f465fd7e9fed30150b0608c4
usr_ssl_key.der size=1194 md5=1c5c5ddd0f08604a3b48cf41a8570557
usr_ssl_cert.der size=1144 md5=ff0ce6923fc67a02d1e7bc6fa4856f94
192.168.25.2# reboot
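The following script is an added example, not part of the Redline manual. It carries out step 1 with OpenSSL: it creates a 2048-bit RSA key and a self-signed certificate named for the unit's MAC address, and rejects a certificate larger than 1400 bytes. The function names, the 365-day validity and the self-signed approach are assumptions; the manual does not state which private-key PEM encoding the unit expects.

```shell
#!/bin/sh
# Added example: builds the certificate/key pair described above with OpenSSL.
# Function names, the 365-day validity and the output directory are assumptions.

CERT_MAX_BYTES=1400   # certificate size limit from the manual
RSA_BITS=2048         # maximum RSA key size from the manual

# Normalise a MAC ("00 09 02 01 C1 9A", "00:09:..") to the 00-09-02-01-C1-9A
# form used in the manual's file names; fails on anything that is not a MAC.
an80i_mac_tag() {
    tag=$(printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/[ :]/-/g')
    printf '%s\n' "$tag" | grep -Eq '^([0-9A-F]{2}-){5}[0-9A-F]{2}$' || return 1
    printf '%s\n' "$tag"
}

# Succeeds only if the file exists and fits the certificate size limit.
an80i_cert_size_ok() {
    [ -f "$1" ] && [ "$(( $(wc -c < "$1") ))" -le "$CERT_MAX_BYTES" ]
}

# an80i_make_files MAC SUBJECT OUTDIR
# SUBJECT is the IP address or name operators will use to reach the unit.
an80i_make_files() {
    tag=$(an80i_mac_tag "$1") || { echo "bad MAC: $1" >&2; return 1; }
    key="$3/ssl_key_$tag.pem"
    cert="$3/ssl_cert_$tag.pem"
    (
        umask 077   # private key readable by the owner only
        openssl req -x509 -newkey "rsa:$RSA_BITS" -nodes -days 365 \
            -subj "/CN=$2" -keyout "$key" -out "$cert"
    ) || return 1
    an80i_cert_size_ok "$cert" || {
        echo "$cert exceeds $CERT_MAX_BYTES bytes; shorten the subject" >&2
        return 1
    }
    printf '%s\n%s\n' "$cert" "$key"
}

# Run only when called with arguments, e.g.:
#   sh make_an80i_cert.sh "00 09 02 01 C1 9A" 192.168.25.2 ./out
if [ "$#" -eq 3 ]; then
    an80i_make_files "$1" "$2" "$3"
fi
```

After loading the files, 'show files fips' confirms that the unit accepted them.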
Enable HTTPS (SSL) Access
If the certificate and key files do not exist in the FIPS table, HTTPS is automatically
disabled when the AN-80i is changed to FIPS mode.
Enter the command 'set https on' to enable HTTPS. Use the command 'save config' to
save this setting and activate changes.
FIPS Status Summary Screen
The FIPS status screen is displayed in the Web GUI by clicking System Status in the
main menu, locating FIPS Mode and then clicking on the status (Off/On) link.