Download Certificate; Configuration - D-Link DXS-3326GSR Manual

3. Hash Algorithm: This part of the ciphersuite allows the user to choose a message digest function which will
determine a Message Authentication Code. This Message Authentication Code will be encrypted with a sent
message to provide integrity and prevent against replay attacks. The Switch supports two hash algorithms, MD5
(Message Digest 5) and SHA (Secure Hash Algorithm).
These three parameters are uniquely assembled in four choices on the Switch to create a three-layered encryption code for
secure communication between the server and the host. The user may implement any one or combination of the
ciphersuites available, yet different ciphersuites will affect the security level and the performance of the secured
connection. The information included in the ciphersuites is not included with the Switch and requires downloading from a
third source in a file form called a certificate. This function of the Switch cannot be executed without the presence and
implementation of the certificate file and can be downloaded to the Switch by utilizing a TFTP server. The Switch supports
SSLv3 and TLSv1. Other versions of SSL may not be compatible with this Switch and may cause problems upon
authentication and transfer of messages from client to host.

Download Certificate

This window is used to download a certificate file for the SSL function on the Switch from a TFTP server. The certificate
file is a data record used for authenticating devices on the network. It contains information on the owner, keys for
authentication and digital signatures. Both the server and the client must have consistent certificate files for optimal use of
the SSL function. The Switch only supports certificate files with .der file extensions.
To view the following window, click Security Management > Secure Socket Layer (SSL) > Download Certificate:
To download certificates, set the following parameters and click Apply.
Parameter
Certificate Type
Server IP
Certificate File Name
Key File Name

Configuration

This window will allow the user to enable SSL on the Switch and implement any one or combination of listed ciphersuites
on the Switch. A ciphersuite is a security string that determines the exact cryptographic parameters, specific encryption
algorithms and key sizes to be used for an authentication session. The Switch possesses four possible ciphersuites for the
SSL function, which are all enabled by default. To utilize a particular ciphersuite, disable the unwanted ciphersuites,
leaving the desired one for authentication.
DXS-3326GSR Gigabit Layer 3 Switch
Figure 8- 21. Download Certificate window
Description
Enter the type of certificate to be downloaded. This type refers to the server
responsible for issuing certificates. This field has been limited to Local for this
firmware release.
Enter the IP address of the TFTP server where the certificate files are located.
Enter the path and the filename of the certificate file to download. This file must have
a .der extension. (Ex. c:/cert.der)
Enter the path and the filename of the key file to download. This file must have a .der
extension (Ex. c:/pkey.der)
184