|
|
1 |
Choose Administration→Security→NE TLS Authentication from the NFM-P main menu. The NE TLS Authentications form opens.
|
2 |
Configure a TLS client cipher list.
-
To create a new client cipher list, click Create→TLS Client Cipher List. The TLS Client Cipher List (Create|Edit) form opens.
To modify an existing client cipher list, choose TLS Client Cipher List (NE Security) in the object drop down of the NE TLS Authentications form, click Search, select a cipher list, and click Properties.
-
If you are creating a new cipher list, enter a name for the Client Cipher List in the General tab.
-
Click on the TLS Client Cipher List Param tab. You can configure up to eight parameter entries for the cipher list.
-
Click Create, or choose an entry in the list and click Properties. The TLS Client Cipher List Param form opens.
-
Configure the cipher list parameters.
-
Save your changes and close the form.
-
Click on the TLS 1.3 Client Cipher List Param tab. You can configure up to eight parameter entries for the cipher list.
-
Click Create, or choose an entry in the list and click Properties. The TLS 1.3 Client Cipher List Param form opens.
-
Configure the required parameters.
-
Save your changes and close the form.
-
Save your changes on the TLS Client Cipher List (Create|Edit) form and distribute the list to the required NEs.
|
3 |
Configure a TLS trust anchor profile.
-
To create a trust anchor profile, click Create→TLS Trust Anchor Profile. The TLS Trust Anchor Profile (Create|Edit) form opens.
To modify a trust anchor profile, choose TLS Trust Anchor Profile (NE Security) in the object drop-down of the NE TLS Authentications form, click Search, select a trust anchor profile, and click Properties.
-
If you are creating a new profile, configure the Trust Anchor Profile Name on the General tab.
-
Click on the TLS Trust Anchors tab to add PKI certificate authority profiles.
-
Click Create, or choose a Trust Anchor CA Profile entry in the list and click Properties. The TLS Trust Anchor Entry form opens.
-
Select a Certificate Authority Profile. At least one PKI certificate authority profile must be selected; see
How do I configure a PKI certificate authority profile?.
-
Save your changes and close the form.
-
Save your changes on the TLS Trust Anchor Profile (Create|Edit) form and distribute the profile to the required NEs.
|
4 |
Configure a TLS certificate profile.
-
To create a new TLS certificate profile, click Create→TLS Certificate Profile.
To modify an existing certificate profile, choose TLS Certificate Profile (NE Security) in the object drop down of the NE TLS Authentications form, click Search, select a certificate profile, and click Properties.
The TLS Certificate Profile (Create|Edit) form opens.
-
If you are creating a new certificate profile, configure the Displayed Name parameter on the General tab.
-
Click on the TLS Certificate Profile Entry tab and configure the required parameters.
-
Click on the Send Chain tab to add the required PKI certificate authority profiles.
-
Click Create. The TLS Certificate CA Profile Entry form opens.
-
Select a Certificate Authority Profile; see
How do I configure a PKI certificate authority profile?.
-
Save your changes and close the TLS Certificate CA Profile Entry form.
-
On the TLS Certificate Profile (Create|Edit) form, configure the Administrative State parameter if required.
-
Save your changes and distribute the list to the required NEs.
|
5 |
Note: The TLS client profile can be associated with a RADIUS server. For information, see
How do I configure an NE RADIUS authentication policy?.
Configure a TLS client profile.
-
To create a new TLS client profile, click Create→TLS Client Profile. The TLS Client Profile (Create|Edit) form opens.
To modify an existing client profile, choose TLS Client Profile (NE Security) in the object drop down of the NE TLS Authentications form, click Search, select a client profile, and click Properties.
-
If you are creating a new client profile, configure the Displayed Name parameter.
-
Select a Cipher List; see
Step 2.
-
Select a Trust Anchor Profile; see
Step 3.
-
Select a Certificate Profile; see
Step 4 .
-
Select TLS client group list and TLS Client Signature List profiles.
-
Configure the required parameters.
-
Save your changes on the TLS Client Profile form and distribute the profile to the required NEs.
|
6 |
Close the NE TLS Authentications form.
End of steps |