SSL provides an encrypted administrative exchange between a node or a NetCache appliance and a client browser.
SSH provides an encrypted administrative exchange between a node or a NetCache appliance and an SSH 2.0-compliant client.
The -f flag forces setup to run even if the SSH server has already been configured.
secureadmin setup [ -f ] [ -q ] ssl configures the SSL server. The administrator needs to specify the distinguished name (DN) for the appliance.
The process generates a Certificate Signing Request (CSR) and a temporary self-signed certificate. The CSR, located in /etc/keymgr/csr/secureadmin_tmp.pem, can optionally be submitted to a Certificate Authority (CA) for signing. The self-signed certificate allows the SSL server to work without submitting the CSR to a CA. However, the browser may issue a security warning that the appliance's identity cannot be verified. In the US, the administrator can specify a key strength of 512, 1024, 1536, or 2048. Otherwise it is set to 512.
The -f flag forces setup to run even if the SSL server has already been configured.
The -q flag is the non-interactive mode for setting up SSL. The format for this command looks like "secureadmin setup -q ssl domestic<t/f> country state locality org unit fqdn email [keylen] [days until expires]".
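The -q form takes every certificate field positionally, so a missing value or a weak key length is easy to overlook in a script. The following is an added example, not part of the original manual page or of the appliance software: a shell function that checks the fields and prints the command line only when it requests a 2048 key. The function name, the sample values, the 2048 policy, the refusal of whitespace in fields, and the reading of domestic=f as the non-US case fixed at 512 are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Field order follows the -q format string
# above; the function name, sample values and 2048 policy are assumptions.
build_secureadmin_ssl_cmd() {
    if [ "$#" -lt 8 ] || [ "$#" -gt 10 ]; then
        echo "error: expected 8 to 10 fields, got $#" >&2; return 2
    fi
    domestic=$1; keylen=${9:-}; days=${10:-}

    # Assumption: domestic=f is the non-US case, which the page says is
    # fixed at 512, so this policy only accepts domestic=t.
    case $domestic in
        t) ;;
        f) echo "error: domestic=f is limited to a 512 key" >&2; return 3 ;;
        *) echo "error: domestic must be t or f" >&2; return 2 ;;
    esac

    # Fields are positional: an empty or space-containing value would shift
    # every later argument (appliance quoting rules are not assumed here).
    for field in "$2" "$3" "$4" "$5" "$6" "$7" "$8"; do
        case $field in
            ''|*[[:space:]]*)
                echo "error: empty or whitespace field: '$field'" >&2; return 2 ;;
        esac
    done

    # The page lists 512, 1024, 1536 and 2048 as the available strengths.
    case $keylen in
        2048) ;;
        512|1024|1536)
            echo "error: keylen $keylen is below the 2048 policy" >&2; return 3 ;;
        '') echo "error: keylen omitted; state it explicitly" >&2; return 3 ;;
        *)  echo "error: keylen must be 512, 1024, 1536 or 2048" >&2; return 2 ;;
    esac

    case $days in
        '') ;;   # optional field: leave the appliance default in place
        *[!0-9]*|0*) echo "error: days must be a positive integer" >&2; return 2 ;;
    esac

    echo "secureadmin setup -q ssl $domestic $2 $3 $4 $5 $6 $7 $8 $keylen${days:+ $days}"
}

# Constructed sample values.
build_secureadmin_ssl_cmd t US California Sunnyvale ExampleOrg IT \
    filer1.example.com admin@example.com 2048 365
```

Return status 3 marks a request that is well-formed but would yield a key weaker than the assumed policy; status 2 marks a malformed field list.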
secureadmin addcert ssl [ path to CA-signed cert ] installs a Certificate Authority-signed certificate to the SSL server. The installed certificate allows the browser to verify the identity of the appliance.
The default path of /etc/keymgr/csr/secureadmin.pem is assumed if a path is not specified.
secureadmin enable ssh | ssh1 | ssh2 | ssl | all starts either SSH, SSL, or both servers. The effect is persistent. Use `ssh1' to enable only SSH1.x protocol. Use `ssh' or `ssh2' for enabling only SSH2.0 protocol.
secureadmin disable ssh | ssh1 | ssh2 | ssl | all stops either SSH, SSL, or both servers. The effect is persistent. Use `ssh1' to disable only SSH1.x protocol. Use `ssh' or `ssh2' for disabling only SSH2.0 protocol.
secureadmin status shows the current status of the SSH and SSL servers.