Configuring Secure Socket Layer (SSL)
Terminology
HP
Switch
(SSL
Server)
SSL Client
Browser
1. Switch-to-Client SSL Cert.
2. User-to-Switch (login password and
enable password authentication)
options:
– Local
– TACACS+
– RADIUS
Figure 7-1. Switch/User Authentication
SSL on the Series 5300XL switches supports these data encryption methods:
■ 3DES (168-bit, 112 Effective)
■ DES (56-bit)
■ RC4 (40-bit, 128-bit)
Note: ProCurve Switches use RSA public key algorithms and Diffie-Hellman, and all
references to a key mean keys generated using these algorithms unless
otherwise noted
Terminology
■ SSL Server: An HP switch with SSL enabled.
■ Key Pair: Public/private pair of RSA keys generated by switch, of
which public portion makes up part of server host certificate and
private portion is stored in switch flash (not user accessible).
■ Digital Certificate: A certificate is an electronic “passport” that is
used to establish the credentials of the subject to which the certificate
was issued. Information contained within the certificate includes:
name of the subject, serial number, date of validity, subject's public
key, and the digital signature of the authority who issued the certifi-
cate. Certificates on Procurve switches conform to the X.509v3 stan-
dard, which defines the format of the certificate.
■ Self-Signed Certificate: A certificate not verified by a third-party
certificate authority (CA). Self-signed certificates provide a reduced
level of security compared to a CA-signed certificate.
7-3
To Next Page
Loading...
Need help?
General