Cache Flow SSL certificate for management console to be signed by Internal Certificate Server
Article ID: 168550
CacheFlow Appliance Software
How do create a strong SSL certificate from Internal Certificate Server (CA)
The default SSL certificate for the Management GUI is 256 bits in length and many security vulnerability scanners detect this as cryptographically weak, and therefore a security risk.An attacker may be able to leverage weaknesses in the public key strength to gain access to sensitive information.
1. Create a keyring with 2048 bit of length and name it as gui2. gui2 is just a name of the keyring and you can name it as according to your company policy. #(config ssl)create keyring no-show gui2 2048
2. Generating a Certificate Signing Request. (An example show below) #(config ssl)create signing-request gui2 Country code : CA State or province : ON Locality or city : Malaysia Organization name : Bluecoat Organization unit : CSE Common name : CSECF500 Email address : Challenge : abc123 Company name :
3. Submit a Certificate Signing Request (CSR) to the Certification Authority (CA). The CSR contains your certificate-application information, including your public key.
A. #(config ssl)view signing-request gui2 -----BEGIN CERTIFICATE REQUEST----- MIIBuTCCASICAQAwYjELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMREwDwYDVQQH EwhXYXRlcmxvbzERMA8GA1UEChMIQmx1ZWNvYXQxDDAKBgNVBAsTA1BTUzESMBAG A1UEAxMJU2VhbkNGNTAwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCm23G0 0mK+em7Hh6lzsQa7OTaEJPls/p5fRd4Ox/2whAX5aV4iEw57l4SMJeU9qBcXVuUs I5nxJvWEQlAMYDxMZvTuZHQOFAEs6T1dtfNWDG2RXMj6cTndGFIjvaeXQVIofBs AwHwqhf756ytBL8cGY0Hp+FJ4PImLbmbWssmjQIDAQABoBcwFQYJKoZIhvcNAQkH MQgTBmFiYzEyMzANBgkqhkiG9w0BAQUFAAOBgQATs0Y2VkbppnB4SU4Cfa0nAd1Q d4Gw7S29y95quZQFpcA7gj8j198BDfvK39oMPbs0A3ImOFZRkSwUOfcJ8Oq61xrb z4zmbha93lKe65Mhg49uQmb/hG5z7JudEDrl52pRoDoMLj0tWlQ8GcFFgHT/Tw/C H5nirAHbZRSoX4CxeA== -----END CERTIFICATE REQUEST----- Note: Copy the certificate text, (starting with -----Begin and ending with REQUEST-----) and have it signed by the CA server