Web Server Settings
An SSL Certificate, ciphers, and protocols can be configured to protect access to the AppResponse 11 web UI. A self-signed certificate is generated automatically when a system boots if no certificate is installed. You also can provide a certificate of your own, signed by a Certificate Authority of your choice. You must log in with read/write system configuration permissions to make changes to this page.
Intermediate or chained certificates are not supported.
You manage SSL certificates at Administration > System Settings: General, in the Web Server Settings tab. Here you can:
◼ view, retrieve, or replace the installed certificate.
◼ change the port used for HTTPS.
◼ choose the ciphers and protocols used.
You also manage the use of HTTP to access the web UI:
◼ enable or disable (default) HTTP access
◼ if enabled, configure HTTP access.
This section covers:
Secure Vault For Encrypted Security Files
AppResponse 11 keeps sensitive security objects such as certificates and decryption keys in an encrypted filesystem, or “secure vault,” that allows AppResponse 11 to access them while preventing tampering or access by any other means. The secure vault is not user-accessible, and cannot be used for protecting other files. In the event that AppResponse 11 is unable to unlock the secure vault and access its contents, the web UI will prevent access to the system via the web UI.
Two CLI commands are available for administering the secure vault:
◼ show secure_vault status — This admin CLI command will return one of three possible statuses:
◼ locked — AppResponse 11 cannot access the secure vault and its contents. The web UI cannot be used in this state.
◼ active — AppResponse 11 is able to access the secure vault and its contents.
◼ resetting — The secure vault is in the process of returning to its original, default state. This state will persist until the system has rebooted successfully.
◼ secure_vault reset — This command is available only in configure terminal mode. Executing it will prompt for confirmation before returning the secure vault to its default state, with all HTTPS settings (including ports), certificates, and decryption keys removed or returned to their default states. A reboot is required to complete a reset of the secure vault.
Configuring HTTPS Settings
To configure the HTTPS port
1. Go to Administration > System Settings: General, then select the Web Server Settings tab.
2. Under Settings, specify the HTTPS TCP port to be used. The following ports are accepted:
– 443
– 8443
– 24000 - 24999
Valid entries have a green shadow; invalid entries have a red shadow with hover text showing valid entries.
3. Specify OpenSSL ciphers. All entries are passed to OpenSSL for validation.
– The default ciphers enable:
•Ciphers with key lengths larger than 128 bits.
•Ciphers offering no authentication
•KRB5
•MD5
•3DES
4. Select Security Protocols to use by checking the box before any listed protocols.
5. Click Apply to save your changes, Revert to discard your changes.
Configuring HTTP Access
To configure HTTP access to the web UI
1. Go to Administration > System Settings: General, then select the Web Server Settings tab.
2. Select the desired HTTP Access mode from the drop-down list of choices:
– Disabled—No HTTP access to the web UI.
– Enabled—Provides HTTP access using the specified TCP port. Valid ports are: 80 or 24000 - 24999.
– Redirect to HTTPS—Sends traffic on the specified TCP port to the specified HTTPS port.
3. Click Apply to save your changes, Revert to discard your changes.