Certificates and Keys
Certificates are only needed if you intend to implement full PKI authentication for the viewer
connections. If an SSL-encrypted session is already enough for your security requirements, you
can simply ignore this aspect of PKI authentication. Where can you get the certificates? There is
a default set of certificates on your support CD. You can use them to practice the certificate
uploads. In a real-world scenario, you can generate the certificates yourself (there is
freeware or shareware, such as XCA, for this purpose), or you can buy certificates from
companies that provide authentication services. The file names and formats of the
certificates and keys uploaded to the switch must be exactly as shown here: root.crt,
server.crt, serverkey.pem, ldapcert.crt and ldapkey.pem.
Viewer Connections
Browser connections to the Web Management interface always use SSL.
Viewer connections can use different levels of security.
Security Level (SSL): The switch offers three levels of security for viewer connections. From
the drop-down menu, select the level appropriate for your real demands on viewer connection
security: “Level 1,” “Level 2” or “Level 3.”
• Level 1 uses no SSL data encryption and no authentication. It is the most straightforward
setting and offers the most convenience if there are no security concerns. Anyone who
has a viewer and an Internet connection can easily connect to the switch as long as the
user fulfills the password policy requirements.
• Level 2 uses SSL encryption for the viewer connection, but only requires server authentication
by the viewer client. Remote users are not required to install any certificates on their client
computers. However, the viewer connection is encrypted with 256-bit SSL technology to
ensure that all data transmitted via the viewer connection are protected, including
keyboard, mouse and video signals.
• Level 3 uses 256-bit encryption and bi-directional PKI authentication between the
server and the viewer client. With this level of security, all remote users who want to make
viewer connections must install a proper client certificate on their computer. This client
certificate must come from the same CA that issued the root.crt certificate of the switch.
In all, there are nine possible combinations of viewer security levels and password policies,
giving you the flexibility to adapt to your specific security needs.
KVM Server Password: This field will only appear if you choose to implement Level 3 security.
See Page 16. Enter the password that encrypts the server private key in the server
private key file (serverkey.pem) in order to make a successful viewer connection with the
switch in the Level 3 security setting. If you use the standard set of certificates provided on
the included support CD, the password that encrypts the server private key is “serverpwd.”
However, if you use your own set of certificates (as you should for a genuinely secure
installation), you need to get the correct server password from the Certificate Authority that
issued those certificates.
First, you should obtain a set of certificates from your administrator. If your certificate files
have different names, rename them to the valid names before uploading. To upload the
certificates, click “Browse” to go to the location where your certificates reside. Select a
certificate file, then click “Upload” to upload your certificates, one at a time, to the switch.
After the upload is completed, you should see the prompt page for a reboot. However,
you do not have to reboot before you have uploaded all the necessary certificates: just reboot
once after you have uploaded all of them: root.crt, server.crt and serverkey.pem.
If you need to SSL-encrypt the LDAP connection for remote user authentication, you must
upload two extra certificates: ldapcert.crt and ldapkey.pem.
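Before uploading, it helps to confirm that the file set carries the exact names the switch expects, that each file holds the right kind of PEM block, and that serverkey.pem is actually password-protected (otherwise the KVM Server Password field has nothing to unlock). The following Python script is an added example, not part of this manual or the switch firmware; it checks only PEM structure and naming, not signatures or the trust chain, and its sample PEM bodies are constructed placeholders rather than real certificate data.

```python
import re
# Exact file names the switch accepts (from the manual) and the PEM kind each must hold.
VIEWER_FILES = {"root.crt": "cert", "server.crt": "cert", "serverkey.pem": "key"}
LDAP_FILES = {"ldapcert.crt": "cert", "ldapkey.pem": "key"}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def parse_pem(text):
    """Return (label, headers) for the first PEM block in text, or None if there is none."""
    match = PEM_BLOCK.search(text)
    if not match:
        return None
    headers = {}
    for line in match.group(2).splitlines():  # legacy "Proc-Type:" / "DEK-Info:" headers
        if ":" not in line:
            break  # a blank line or the base64 payload ends the header section
        key, _, value = line.partition(":")
        headers[key.strip()] = value.strip()
    return match.group(1), headers

def key_is_encrypted(label, headers):
    """PKCS#8 keys say so in the label; legacy OpenSSL keys carry Proc-Type: 4,ENCRYPTED."""
    return label == "ENCRYPTED PRIVATE KEY" or headers.get("Proc-Type") == "4,ENCRYPTED"

def check_upload_set(files, ldap_ssl=False):
    """files: {file name: PEM text}. Returns a list of problems; an empty list means ready to upload."""
    expected = dict(VIEWER_FILES, **(LDAP_FILES if ldap_ssl else {}))
    problems = [f"{n}: not an accepted file name {sorted(expected)}" for n in files if n not in expected]
    for name, kind in expected.items():
        parsed = parse_pem(files.get(name, ""))
        if parsed is None:
            problems.append(f"{name}: missing or contains no PEM block")
            continue
        label, headers = parsed
        if kind == "cert" and label != "CERTIFICATE":
            problems.append(f"{name}: expected a CERTIFICATE block, found {label}")
        elif kind == "key" and not label.endswith("PRIVATE KEY"):
            problems.append(f"{name}: expected a private key block, found {label}")
        elif name == "serverkey.pem" and not key_is_encrypted(label, headers):
            problems.append(f"{name}: key is not password-protected; Level 3 expects an encrypted key")
    return problems

def pem(label, body, headers=""):  # wraps a constructed placeholder body (not real DER) in PEM armor
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"
SAMPLE_GOOD = {  # constructed sample set; the server key uses the legacy encrypted PEM form
    "root.crt": pem("CERTIFICATE", "Y29uc3RydWN0ZWQgcm9vdA=="),
    "server.crt": pem("CERTIFICATE", "Y29uc3RydWN0ZWQgc2VydmVy"),
    "serverkey.pem": pem("RSA PRIVATE KEY", "Y29uc3RydWN0ZWQga2V5",
                         "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"),
}
```

Run `check_upload_set(SAMPLE_GOOD)` to get an empty list, or pass `ldap_ssl=True` to have the two LDAP files required as well.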
User-Password Policy: The switch offers three types of password policies for selection from
the drop-down menu: “No Password,” “Global Password” and “User Password.”
• No Password means the viewer will not prompt you for any user password: The door is
open unless you are using Level 3 security.
32
MANAGEMENT OVER A BROWSER