• 1 reply
  • Latest Post - ‏2011-09-06T12:53:11Z by sreed
224 Posts

Pinned topic WMC SSL Certificate

‏2011-02-03T19:14:58Z |
Is it possible to change the SSL certificate the Web Management Console uses? I'm looking in the Security > Certificates tab and have generated a self-signed certificate, but am unsure what each "SSL Usage Type" at the bottom of the screen is, and the Help button does not provide much information -- "Select the certificate to use with the corresponding category. For example, Client SSL, Server SSL over data NIC, or Server SSL over mgmt NIC. ".  Is it possible to change the certificate the WMC uses within the WMC? Which of the 'categories' does the WMC belong to, or does this change need to be made elsewhere (like with the CLI?)
Will Graham
Updated on 2011-09-06T12:53:11Z at 2011-09-06T12:53:11Z by sreed
  • sreed
    1 Post

    Re: WMC SSL Certificate

    Here is a short description of something I've been using as a reference. Hope it helps.

    1. SSL Usage
    - Client SSL is for when an orchestration is a client connecting to a remote server
    - Server SSL over data NIC is for an orchestration acting as a server (e.g. web service)
    - The Server SSL over mgmt NIC is for the WMC
    2. Certificate Alias
    - The alias identifies the certificate to use/present
    3. VPeer/VHost
    - Vpeer is setting that determines if the appliance is to require the remote endpoint supply a valid certificate
    - Vhost can only be true if vpeer is true, and if set true says the appliance should check the common name within the remote endpoint supplied certificate to ensure it matches the host in the URL to which the appliance connected.
    4. Cipher Strength
    - Standard and strong settings dictate the algorithms and key sizes that can be negotiated between the SSL endpoints
    - When set to strong, only stronger algorithms and key sizes are permitted. A weak endpoint that doesn't support strong ciphers might not be able to negotiate the strong settings and the connection setup would fail.