Configuring web settings
You can configure web user interface settings under Administration > Security: Web Settings.
You can also manage SSL certificates used by the SCC in the Web Settings page:
• View certificate details.
• View certificate in PEM format.
• Replace a signed certificate by importing a certificate and private key or generating a self-signed certificate and new private key.
• Generate a certificate signing request (CSR).
These configuration options are available under Web Settings:
Default Web Login ID
Specifies the username that appears in the authentication page. The default value is admin.
Web Inactivity Timeout
Specifies the number of idle minutes before time-out. The default value is 15. A value of 0 disables the inactivity time-out. If the maximum session count is exceeded, the last recently used session will be expired regardless of its idle time.
The web session inactivity time-out and the CLI interface inactivity time-out are configured separately:
To set the CLI interface inactivity time-out for the current and future login sessions run the cli default auto-logout <minutes> command.
• To set the CLI interface inactivity time-out for the current session only run the cli session auto-logout <minutes> command.
• To view the CLI settings run the show cli command.
Allow Session Timeouts When Viewing Auto-Refreshing Pages
Stops the automatic updating of the report pages when the session times out. This option is enabled by default.
Disabling this feature poses a security risk. When you disable this feature, you are logged in indefinitely on pages that are automatically refreshed, such as reports.
You manage web certificates under Administration > Security: Web Settings. The Web Settings page displays the identity certificate details.
These configuration options are available:
Issued To/Issued By
Specifies these options:
• Common Name—Specifies the common name of the certificate authority.
• Email—Specifies the organization email.
• Organization—Specifies the organization name (for example, the company).
• Locality—Specifies the city.
• State—Specifies the state.
• Country—Specifies the country.
Validity
Specifies these options:
• Issued On—Specifies the date the certificate was issued.
• Expires On—Specifies the date the certificate expires.
Fingerprint
Specifies the SSL fingerprint.
Key
Specifies these options:
• Type—Specifies the key type.
• Size—Specifies the sizes in bytes.
To view the certificate in PEM format, under Web Certificate, select the PEM tab. The certificate appears in PEM format.
To replace an existing certificate, under Web Certificate, select the Replace tab, and complete these configuration options:
Import Certificate and Private Key
Imports the certificate and key. The page displays controls for browsing to and uploading the certificate and key files. You can also use the text box to copy and paste a PEM file. The private key is required regardless of whether you’re adding or updating the certificate.
Certificate
Specifies the action:
• Upload—Browse to the local file in PKCS-12, PEM, or DER formats.
• Paste it here (PEM)—Copy and then paste the contents of a PEM file.
Private Key
Specifies the private key origin.
• The Private Key is in a separate file (see below)—You can either upload it or copy and paste it.
• This file includes the Certificate and Private Key
• The Private Key for this Certificate was created with a CSR generated on this appliance.
Separate Private Key
Specifies the action:
• Upload (PEM or DER formats)—Browse to the local file in PEM or DER formats.
• Paste it here (PEM only)—Paste the contents of a PEM file.
Decryption Password
Specifies the decryption password, if necessary. Passwords are required for PKCS-12 files, optional for PEM files, and never needed for DER files.
Import Certificate and Key
Imports the certificate and key.
Generate Self-Signed Certificate and New Private Key
Generates a new private key and self-signed public certificate:
• Organization Name—Specify the organization name (for example, the company).
• Organization Unit Name—Specify the organization unit name (for example, the section or department).
• Locality—Specify the city.
• State (no abbreviations)—Specify the state.
• Country (2-letter code)—Specify the country (2-letter code only).
• Email Address—Specify the email address of the contact person.
• Validity Period (Days)—Specify how many days the certificate is valid. The default value is 730.
Private Key Cipher Bits
Specifies the key length from the drop-down list. The default value is 1024.
Generate Certificate and Key
Generates a private key and CSR.
To generate a CSR, under Web Certificate, select the Generate CSR tab and complete these configuration options:
Common Name (required)
Specifies the common name (hostname) of the peer.
Organization Name
Specifies the organization name (for example, the company).
Organization Unit Name
Specifies the organization unit name (for example, the section or department).
Locality
Specifies the city.
State
Specifies the state. Don’t abbreviate.
Country (2-letter code)
Specifies the country (2-letter code only).
Email Address
Specifies the email address of the contact person.
Generate CSR
Generates the Certificate Signing Request.