14-4
Setting Up SSL Encryption
3. UploadtheSignedCertificatetotheAFS-16: After the "signed" certificate is
returned from the security service, return to the Web Access menu.
a) Access the AFS-16 command mode via the Text Interface using an account that
permits Administrator level commands as described previously, then type /N
and press [Enter] to display the Network Parameters menu, and then type 23
and press [Enter] to display the Web Access menu.
b) From the Web Access menu, type 14 and press [Enter] (Import CRT) to
begin the upload process. At the CRT Server Key submenu, type 1 and press
[Enter] to choose "Upload Server Key."
c) Use your communications program to send the binary format Signed
Certificate to the AFS-16 unit. When the upload is complete, press [Escape] to
exit from the CRT Server Key submenu.
d) After you exit from the CRT Server Key submenu, press [Escape] several times
until you have exited from the Network Parameters menu and the "Saving
Configuration" message is displayed.
4. After the configuration has been saved, test the signed certificate by accessing the
AFS-16 via the Web Browser Interface, using an HTTPS connection. For example,
if the common name has been defined as "service.wti.com", then you would enter
"https://service.wti.com" in your web browser's address field. If the Signed
Certificate has been properly created and uploaded, the warning message should
no longer be displayed.
14.3. Downloading the Server Private Key
When configuring the AFS-16's SSL encryption feature (or setting up other security/
authentication features), it is recommended to download and save the Server Private
Key. To download the Server Private Key, access the Text interface via Telnet or SSH,
using a password that permits access to Administrator level commands and then
proceed as follows:
1. Type /N and press [Enter] to display the Network Parameters menu.
2. At the Network Parameters menu, type 23 and press [Enter] to display the Web
Access menu (Figure 14.1.)
a) To download the Server Private Key from the AFS-16 unit, make certain that
SSL parameters have been defined as described in Section 14.1, then type 15
and press [Enter] and store the resulting key on your hard drive.
b) To upload a previously saved Server Private Key to the AFS-16 unit, make
certain that SSL parameters have been defined as described in Section 14.1,
then type 16 and press [Enter] and follow the instructions in the resulting
submenu.