How do I configure NE TLS server authentication?

Purpose

This procedure describes TLS server configurations for NEs. For TLS client configurations, see How do I configure NE TLS client authentication?.

TLS configurations are distributed to NEs using the NFM-P policy framework; see “Policies overview” in the NSP NFM-P User Guide.

Steps
 

Choose Administration→Security→NE TLS Authentication from the NFM-P main menu. The NE TLS Authentications form opens.


Configure a TLS server cipher list.

  1. To create a server cipher list, click Create→TLS Server Cipher List.

    To modify a server cipher list, choose TLS Server Cipher List (NE Security) in the object drop-down of the NE TLS Authentications form, click Search, select a cipher list, and click Properties.

    The TLS Server Cipher List (Create|Edit) form opens.

  2. If you are creating a cipher list, configure the Displayed Name parameter on the General tab.

  3. Click on the TLS Server Cipher List Param tab. You can configure up to 255 parameter entries for the cipher list.

  4. Click Create, or choose an entry in the list and click Properties. The TLS Server Cipher List Param form opens.

  5. Configure the required parameters.

  6. Save your changes and close the TLS Server Cipher List Param form.

  7. Click on the TLS 1.3 Server Cipher List Param tab. You can configure up to eight parameter entries for the cipher list.

  8. Click Create, or choose an entry in the list and click Properties. The TLS 1.3 Server Cipher List Param form opens.

  9. Configure the required parameters.

  10. Save your changes and close the form.

  11. Save your changes on the TLS Client Cipher List (Create|Edit) form and distribute the list to the required NEs.


Configure a TLS server profile.

  1. To create a TLS server profile, click Create→TLS Server Profile.

    To modify a server profile, choose TLS Server Profile (NE Security) in the object drop-down of the NE TLS Authentications form, click Search, select a server profile, and click Properties.

    The TLS Server Profile (Create|Edit) form opens.

  2. If you are creating a server profile, configure the Displayed Name parameter.

  3. Select a Server Cipher List; see Step 2.

  4. Select a Certificate Profile; see Step 4 in How do I configure NE TLS client authentication?.

  5. Select a Trust Anchor Profile; see Step 3 in How do I configure NE TLS client authentication?.

  6. Configure the Re-negotiate Timer parameter if required.

  7. Select a Common Name List; see How do I configure a PKI common name list?.

  8. Configure the required parameters.

  9. Select TLS server signature list and TLS server group list profiles.

  10. Save your changes on the TLS Server Profile form and distribute the profile to the required NEs.


Close the NE TLS Authentications form.

End of steps