14-3
Setting Up SSL Encryption
4. After you have defined parameters 5 through 11, type 12 and press [Enter] (Create
CSR) to create a Certificate Signing Request. By default, this will overwrite any
existing certificate, and create a new Self Signed certificate.
a) The AFS-16 will prompt you to create a password. Key in the desired
password (up to 16 characters) and then press [Enter]. When the AFS-16
prompts you to verify the password, key it again and then press [Enter] once.
After a brief pause, the AFS-16 will return to the Web Access Menu, indicating
that the CSR has been successfully created.
b) When the Web Access Menu is re-displayed, press [Esc] several times until
you exit from the Network Parameters menu and the "Saving Configuration"
message is displayed.
5. After the new configuration has been saved, test the Self Signed certificate by
accessing the AFS-16 via the Web Interface, using an HTTPS connection.
a) Before the connection is established, the AFS-16 should display the warning
message described previously. This indicates that the Self Signed certificate
has been successfully created and saved.
b) Click on the "Yes" button to proceed. The AFS-16 will prompt you to enter
a user name and password. After keying in your password, the main menu
should be displayed, indicating that you have successfully accessed command
mode.
14.2. Creating a Signed Certificate
To create a Signed certificate, and eliminate the warning message, first set up your
domain name server to recognize the Common Name (item 5) that you will assign to
the unit. Next, complete steps one through five as described in Section 14.1 and then
proceed as follows:
1. CapturetheNewlyCreatedCertificate: Type 13 and press [Enter] (View CSR).
The AFS-16 will prompt you to configure your communications (Telnet) program to
receive the certificate. Set up your communications program to receive a binary
file, and then press [Enter] to capture the file and save it. This is the Code Signing
Request that you will send to the outside security service (e.g., VeriSign, Thawte,
etc.) in order to have them sign and activate the certificate.
2. ObtaintheSignedCertificate: Send the captured certificate to the outside
security service. Refer to the security service's web page for further instructions.