BSGX4e Business Gateway User Guide 41

Release 01.01 NN47928-102

Connecting to the Device

NOTE: If the SSL key is deleted, new SSL connections cannot be created. To see

the status of the SSL key, enter show ssl key.

A new SSL key can be generated. The number of bits is constrained to 512, 768,

1024, or 2048. When the SSL key record is created or modified, a key generation task

is started. Key generation can take several minutes, depending on the size of the

key. When key generation starts, the key used by the SSL server is deleted; new SSL

connections cannot be created until a new key is available. When key generation

completes, the RSA key used by the SSL server is set to the newly generated key;

new SSL connections can then be created.

SSL Key Command

To generate a new SSL key, enter the following command:

> config ssl key

Table 8 describes the parameters for config ssl key.

SSL CSR

A system administrator can use the SSL Certificate Signing Request (CSR) to generate

an X509 certificate, which can be self-signed by the SSL module or signed by an

external certificate authority (CA).

A single X509 CSR can be generated. Generating a CSR requires an SSL key. To see

the status of the SSL key, enter show ssl key.

NOTE: If the SSL CSR is deleted, new SSL connections cannot be created.

SSL CSR Command

To generate an SSL CSR, enter the following command:

> config ssl csr

Table 9 describes the parameters for config ssl csr.

Table 8. SSL Key Configuration Parameters

Parameter Description

[type] Type of encryption key (RSA).

bits Number of bits in key (512 | 768 | 1024 | 2048).

Table 9. SSL CSR Configuration Parameters

Parameter Description

[type] Certificate signing request type (x509).

country Two-letter country code. The default is US for the United

States; to see the most recent list, go to www.iso.org

state Full name of state or province (such as, California).