BSGX4e Business Gateway User Guide 43

Release 01.01 NN47928-102

Connecting to the Device

A single X509 certificate can be generated. When self-signed, the certificate is

derived from the current CSR record and key record.

NOTE: A self-signed certificate can be generated only if an SSL key record and an

SSL CSR record exist.

Alternately, you can import an SSL certificate using a file containing a certificate

signed by an external certificate authority (CA). The certificate must be in Privacy

Enhanced Mail (PEM) format with no header before the “----- BEGIN CERTIFICATE

-----” text. When a CA-signed certificate is imported, the certificate is checked to

ensure that it is in the correct PEM format. If the format is incorrect, the certificate

is not imported.

NOTE: If the SSL certificate is deleted, new SSL connections cannot be created.

SSL Certificate Command

To generate the SSL certificate, enter the following command:

> config ssl certificate

Table 10 describes the parameters for config ssl certificate.

SSL Configuration Example

This example generates an RSA key of 768 bits. It then generates an SSL CSR for the

Sells unit of the company EiffelGroup in Paris, France. Finally it generates a

self-signed SSL certificate.

> config ssl key rsa bits 768

*> config ssl csr x509 country FR no state locality Paris

orgname EiffelGroup orgunit Sells commonname

www.eiffelgroup.com email conta[email protected]

*> config ssl certificate x509 signed self

*> save

Show SSL Configuration

To verify the SSL configuration, enter the following commands:

> show ssl key

SSL Key:

Type rsa

Table 10. SSL Certificate Configuration Parameters

Parameter Description

[type] Certificate type (x509).

signed Self-signs the current CSR (self | null).

import PEM format file from which to import the certificate.