cc/td/doc/solution/sesm/sesm_311
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Security

Security

This appendix describes the security mechanisms used in a Subscriber Edge Services Manager (SESM) application.

The Cisco SESM:

Java Platform Security Description

The following URLs provide a description of Java platform security:

HTTP Security Description

HTTP security involves two separate issues:

HTTPS Description

HTTPS (Secure Hypertext Transfer Protocol) is HTTP over Secure Sockets Layer (SSL), which are HTTP packets sent as encrypted data. This is the mechanism by which data is securely transmitted over the Internet between a browser client and a server.

SESM implements SSL using the Java Secure Sockets Extension (JSSE). For information about JSSE, go to:

http://java.sun.com/products/jsse/

The J2EE specifications describe an extension framework for the integration of SSL implementations. For implementations other than JSSE, go to:

http://www.phaos.com/e_security/prod_ssl.html

Keytool and Keystore

The SSL part of HTTPS requires a certificate to generate the encryption key. For the Jetty web server bundled with the Cisco SESM, the certificate is named keystore and is found in the /etc directory. The keystore file is created by the keytool utility. For detailed instructions on the use of keytool, go to the following URL:

http://java.sun.com/products//jdk/1.2/docs/guide/security/SecurityToolsSummary.html

The sample keystore functions for nonproduction deployments. However, you must obtain a site-specific certificate for production deployments from VeriSign, Inc. at:

http://www.verisign.com

Though certificates are generally the same in concept, they tend to differ in implementation. Therefore, a degree of certificate manipulation is required to obtain a certificate from a given source to work with a given SSL implementation. For JSSE and the Jetty web server, the required steps are described at:

ftp://jetty.mortbay.com/pub/Jetty-dev/webapps/jetty/JsseSSL.html

For other implementations, go to:

http://www.openssl.org

The keystore file is a certificate used for secure sockets layer (SSL) encryption. The SSL implementation shipped with the Cisco SESM is of commercial quality and can use certificates generated by keytool. Keytool resides in the same directory as the JRE.


Caution   A keystore is required for deployments that use HTTPS. HTTPS does not function without a valid keystore file. The file included with the installation works, but you should replace it with a keystore valid for your specific deployment.


hometocprevnextglossaryfeedbacksearchhelp
Posted: Wed Jul 24 12:16:44 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.