Secure Communications

The TS4500 tape library is secured with a secure socket layer (SSL). SSL is a protocol for encrypted (secure) transmission through the Internet. The Secure Communications page enables you to configure the SSL settings.

SSL is a cryptographic security system that uses these two keys to encrypt data:
  • a public key known to everyone
  • a private key known only to the recipient of the message.
Many Web sites use this protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https instead of http.
Note: When you update certificate settings and/or enable or disable SSL, the web server will reset and you will be logged out.
Secure Communications On (SSL enabled)
When SSL is enabled, the data exchanged between the TS4500 tape library and your browser is encrypted. You can use a system-defined encryption certificate or upload your own certificate.
System-defined certificate
The web server on the TS4500 tape library uses the certificate that is installed with the library firmware. It is in PEM format and is a self-signed certificate.
User-defined certificate
If there is an existing certificate, its identifying information is displayed in the Certificate field. You can use this certificate, or click the folder icon to upload another certificate.
Note: If you modify a certificate that was already uploaded, you must re-select the PEM file by clicking the folder icon and specifying the file even if the name is still displayed in the Certificate field. If the certificate is encrypted, you must enter the password again.
Certificate requirements:
  • RSA keys are recommended. No specific key size is required.
  • Certificates must use AES encryption. DES is not supported.
  • Certificates must be in PEM format. They may be self-signed or CA-signed, but must contain both the certificate and the private key. If the private key is encrypted, you must enter the password for the private key.
  • Certificates with the SHA256 signature algorithm are supported. Certificates with SHA1 or MD5 hash signatures are not allowed.
  • Both wildcard and multi-domain (SAN) certificates are supported. A wildcard certificate allows unlimited subdomains to be protected with a single certificate, while a SAN certificate allows for multiple domain names to be protected with a single certificate.

If you are using CA-signed certificates on a TS4500 tape library configured with multiple IPs, it is strongly recommended to include each IP used for web GUI access in the certificate. If an IP address or DNS name is not specified in the certificate, the message “Your connection is not secure” is displayed after the web server restarts. Click "Add Exception" and then "Confirm Security Exception" to be able to use that certificate.

Secure Communications Off (SSL disabled)
When SSL is disabled, your browser and the TS4500 tape library communicate with unencrypted data transmissions.