6.13.1 Files required for SSL communication
To use SSL communication, you need to prepare files required for SSL communication on the server host and client hosts. Files required for SSL communication are described below.
- Files required for SSL communication on the server host:
-
-
Private key
-
Server certificate issued by CA (certificate authority)
-
Root certificate corresponding to the server certificate
-
- Files required for SSL communication on the client hosts:
-
-
Root certificate corresponding to the server certificate on the server side
-
The following figure shows the relationship of certificates required for SSL communication.
|
|
![[Figure]](GRAPHICS/ZU041000.GIF)
|
|
![[Figure]](GRAPHICS/ZU041100.GIF)
|
|
![[Figure]](GRAPHICS/ZU041150.GIF)
For details about the communication encryption function (SSL communication) of JP1/IM, see the JP1/Integrated Management 3 - Manager Overview and System Design Guide.
- Organization of this subsection
(1) Notes on private keys, server certificates, and root certificates
-
Use of private keys with a passphrase is prohibited. Remove a passphrase before using a private key.
-
Only private keys, server certificates, and root certificates in X509 PEM format can be used.
-
Certificates (wildcard certificates) in which a wildcard is used for the CN host name can also be used for server certificates.
Example: CN=*.example.com
-
To use a server certificate issued by an intermediate CA, you need to combine certificates according to the hierarchical structure of certificates.
Combine certificates according to the following hierarchical structure:
![[Figure]](GRAPHICS/ZU041200.GIF)
To use a cross root certificate, you must combine certificates in the following order:
-
Server certificate
-
Server certificate issued by an intermediate CA
-
Cross root certificate
-