|
This appendix describes the security mechanisms used in a Subscriber Edge Services Manager (SESM) application.
The Cisco SESM:
The following URLs provide a description of Java platform security:
HTTP security involves two separate issues:
SESM implements SSL using the Java Secure Sockets Extension (JSSE). For information about JSSE, go to:
The J2EE specifications describe an extension framework for the integration of SSL implementations. For implementations other than JSSE, go to:
The SSL part of HTTPS requires a certificate to generate the encryption key. For the Jetty web server bundled with the Cisco SESM, the certificate is named keystore and is found in the /etc directory. The keystore file is created by the keytool utility. For detailed instructions on the use of keytool, go to the following URL:
The sample keystore functions for nonproduction deployments. However, you must obtain a site-specific certificate for production deployments from VeriSign, Inc. at:
Though certificates are generally the same in concept, they tend to differ in implementation. Therefore, a degree of certificate manipulation is required to obtain a certificate from a given source to work with a given SSL implementation. For JSSE and the Jetty web server, the required steps are described at:
For other implementations, go to:
The keystore file is a certificate used for secure sockets layer (SSL) encryption. The SSL implementation shipped with the Cisco SESM is of commercial quality and can use certificates generated by keytool. Keytool resides in the same directory as the JRE.
Caution A keystore is required for deployments that use HTTPS. HTTPS does not function without a valid keystore file. The file included with the installation works, but you should replace it with a keystore valid for your specific deployment. |
Posted: Wed Jul 24 12:16:44 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.