SSL Tunneling
USER GUIDE
To use TFTP, type:
ssl-cert download <cert-name> from <IPAddress> via-tftp
or
download command-file <cert-name> from <IPAddress>
To use FTP:
ssl-cert download <cert-file> from <IPAddr> via-ftp login <usr> password <passwd>
To transfer the certificate via SCP, use the scp command, which is native to the router's CLI. Once you have downloaded the certificate, type:
ssl-cert install <cert-file-name>
The command above installs the certificate and makes it usable by the SSL service.
Below is a complete example that activates the SSL Proxy configuration:
set ntp 193.204.114.232
set ntp on
ssl-cert download sni-CAcert.pem from 10.10.100.10 via-tftp
ssl-cert download sni-client-stunnel.pem from 10.10.100.10 via-tftp
ssl-cert download sni-2-CAcert.pem from 10.10.100.10 via-tftp
ssl-cert download sni-2-client-stunnel.pem from 10.10.100.10 via-tftp
ssl-cert install sni-CAcert.pem
ssl-cert install sni-client-stunnel.pem
ssl-cert install sni-2-CAcert.pem
ssl-cert install sni-2-client-stunnel.pem
set ssl tunnel-number 2
set ssl tunnel 1 local-address any local-port 1234 remote-address 88.1.1.1 remote-port 2299
set ssl tunnel 1 role client
set ssl tunnel 1 verify 2
set ssl tunnel 1 sni main.sni.it
set ssl tunnel 1 cacert sni-CAcert.pem
set ssl tunnel 1 key sni-client-stunnel.pem
set ssl tunnel 2 local-address any local-port 23456 remote-address 88.2.2.2 remote-port 2299
set ssl tunnel 2 role client
set ssl tunnel 2 verify 2
set ssl tunnel 2 sni main.sni-2.it
set ssl tunnel 2 cacert sni-2-CAcert.pem
set ssl tunnel 2 key sni-2-client-stunnel.pem
set ssl on
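A tunnel can only use a certificate that has been installed, so a command file like the one above is worth checking before it is loaded. The following is an added example, not part of the original guide or the router's software: the function name lint_ssl_config and the rules it applies (every tunnel has a cacert, a key and a verify level, and tunnel-number matches the tunnels defined) are assumptions drawn from the example configuration.

```python
# Constructed sample in the syntax of the example above; the last
# certificate is downloaded but deliberately never installed.
SAMPLE = """\
ssl-cert download sni-CAcert.pem from 10.10.100.10 via-tftp
ssl-cert download sni-client-stunnel.pem from 10.10.100.10 via-tftp
ssl-cert download sni-2-CAcert.pem from 10.10.100.10 via-tftp
ssl-cert download sni-2-client-stunnel.pem from 10.10.100.10 via-tftp
ssl-cert install sni-CAcert.pem
ssl-cert install sni-client-stunnel.pem
ssl-cert install sni-2-CAcert.pem
set ssl tunnel-number 2
set ssl tunnel 1 role client
set ssl tunnel 1 verify 2
set ssl tunnel 1 cacert sni-CAcert.pem
set ssl tunnel 1 key sni-client-stunnel.pem
set ssl tunnel 2 role client
set ssl tunnel 2 cacert sni-2-CAcert.pem
set ssl tunnel 2 key sni-2-client-stunnel.pem
set ssl on
"""

def lint_ssl_config(text):
    """Return a list of findings for a command file in the syntax above."""
    downloaded, installed, tunnels, declared = set(), set(), {}, None
    for line in text.splitlines():
        w = line.split()
        if w[:2] == ["ssl-cert", "download"] and len(w) > 2:
            downloaded.add(w[2])
        elif w[:2] == ["ssl-cert", "install"] and len(w) > 2:
            installed.add(w[2])
        elif w[:3] == ["set", "ssl", "tunnel-number"] and len(w) > 3:
            declared = int(w[3])
        elif w[:3] == ["set", "ssl", "tunnel"] and len(w) > 5:
            tunnels.setdefault(int(w[3]), {})[w[4]] = w[5]  # option -> value
    findings = []
    if declared is not None and declared != len(tunnels):
        findings.append(f"tunnel-number is {declared} but {len(tunnels)} tunnels are configured")
    for n, opts in sorted(tunnels.items()):
        for opt in ("cacert", "key"):
            name = opts.get(opt)
            if name is None:
                findings.append(f"tunnel {n}: no {opt} set")
            elif name not in installed:
                state = "downloaded but not installed" if name in downloaded else "never downloaded"
                findings.append(f"tunnel {n}: {opt} {name} {state}")
        if "verify" not in opts:
            findings.append(f"tunnel {n}: no verify level set")
    return findings
```

Calling lint_ssl_config(SAMPLE) reports the uninstalled key and the missing verify level on tunnel 2; an empty list means every referenced certificate was installed.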