Configuring Security Settings : Configuring web settings
  
Configuring web settings
You can modify Management Console web user interface and certificate settings in the Administration > Security: Web Settings page.
To modify web settings
1. Choose Administration > Security: Web Settings to display the Web Settings page.
2. Under Web Settings, complete the configuration as described in this table.
Control
Description
Default Web Login ID
Specify the username that appears in the authentication page. The default value is admin.
Web Inactivity Timeout
Specify the number of idle minutes before time-out. The default value is 15. A value of 0 disables time-out.
Allow Session Timeouts When Viewing Auto-Refreshing Pages
By default, session time-out is enabled, which stops the automatic updating of the report pages when the session times out. Clear the Allow box to disable the session time-out, remain logged-in indefinitely, and automatically refresh the report pages.
Disabling this feature poses a security risk.
3. Click Apply to apply your changes to the running configuration.
4. Click Save to Disk to save your settings permanently.
Managing web SSL certificates
The Mobile Controller provides these additional security features to manage SSL certificates used by the Management Console web user interface using HTTPS:
Generate the certificate and key pairs on the Mobile Controller. Generating the certificate and key pairs overwrites the existing certificate and key pair, regardless of whether the previous certificate and key pair was self-signed or user added. The new self-signed certificate lasts for one year (365 days).
Create certificate signing requests from the certificate and key pairs.
Replace a signed certificate with one created by an administrator or generated by a third-party certificate authority.
The web certificate applies only to connections made to the HTTP and HTTPS services of the Mobile Controller and is not used for connections between the SteelHead Mobile clients and the Mobile Controller.
To modify web certificates
1. Choose Administration > Security: Web Settings to display the Web Settings page.
2. Under Web Certificate, select the Details tab. The Mobile Controller identity certificate details appear, as described in this table.
Control
Description
Issued To/Issued By
Common Name - Specifies the common name of the certificate authority.
Organization - Specifies the organization name (for example, the company).
Organization Unit - Specifies the organization unit name (for example, section or department).
Locality - Specifies the city.
State - Specifies the state.
Country - Specifies the country.
Serial Number - Specifies the serial number (Issued To, only).
Validity
Issued On - Specifies the date the certificate was issued.
Expires On - Specifies the date the certificate expires.
Fingerprint
Specifies the SSL fingerprint.
Key
Type - Specifies the key type.
Size - Specifies the size in bytes.
3. To view the certificate in PEM format, under Web Certificate, select the PEM tab.
4. To replace an existing certificate, under Web Certificate, select the Replace tab and complete the configuration as described in this table.
Control
Description
Import Existing Private Key and CA-Signed Public Certificate
(One File in PEM or PKCS12 Formats)
Imports the existing private key and CA-signed public certificate as a single file.
The page displays controls for importing a single file either by browsing to and uploading the certificate and keys or by using the text box to copy and paste a PEM file.
Then enter the decryption password in the Decryption Password field, if necessary.
Decryption passwords are required for PKCS-12 files, and they are optional for PEM files.
Import Existing Private Key and CA-Signed Public Certificate
(Two Files in PEM or DER Formats)
Imports the existing private key and CA-signed public certificate as two separate files.
Import the private key either by browsing to and uploading the file or by copying and pasting a PEM file into the key text box. Then enter the decryption password in the Decryption Password field, if necessary.
Decryption passwords are optional for PEM files, and they are never needed for DER files.
Import the public certificate either by browsing to and uploading the file or by copying and pasting a PEM file into the certificate text box.
Generate New Private Key and Self-Signed Public Certificate
Select this option to generate a new private key and self-signed public certificate.
Cipher Bits - Select the key length from the drop-down list. The default value is 1024.
Organization Name - Specify the organization name (for example, the company).
Organization Unit Name - Specify the organization unit name (for example, the section or department).
Locality - Specify the city.
State - Specify the state.
Country - Specify the country (two-letter code only).
Email Address - Specify the email address of the contact person.
Validity Period - Specify how many days the certificate is valid. The default value is 730.
5. Click Import Key and Certificate to import the key and certificate (for imported keys), or click Generate Key and Certificate to generate the key and certificate (for new keys).
6. To generate a Certificate Signing Request (CSR), under Web Certificate, select the Generate CSR tab and complete the configuration as described in this table.
Control
Description
Common Name
Specify the common name (hostname).
Organization Name
Specify the organization name (for example, the company).
Organization Unit Name
Specify the organization unit name (for example, the section or department).
Locality
Specify the city.
State
Specify the state. Don’t abbreviate.
Country
Specify the country (2-letter code only).
Email Address
Specify the email address of the contact person.
7. Click Generate CSR to generate the CSR.
8. Click Save to Disk to save the settings permanently.