Saucepan

User Tools

Site Tools

Trace: dns_exfiltration best_practice dot_doh dig troubleshooting dhcp ddns cloud_network_automation dog
infoblox_nios:certificates

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
infoblox_nios:certificates [2024/06/21 08:33] – [Example Cipher Setting] bstaffordinfoblox_nios:certificates [2025/05/19 09:56] (current) – [WARNING] bstafford
Line 5: Line 5:
  
 Infoblox has articles on hardening SSL/TLS and SSH ciphers [[https://community.infoblox.com/t5/Security/Configuring-TLS-1-2-and-ciphersuites-in-NIOS-8-0/m-p/8122#M1488|here]] and [[https://community.infoblox.com/t5/Security/Configuring-SSHD-cipher-suites-in-NIOS-8-x/td-p/10151|here]]. Infoblox has articles on hardening SSL/TLS and SSH ciphers [[https://community.infoblox.com/t5/Security/Configuring-TLS-1-2-and-ciphersuites-in-NIOS-8-0/m-p/8122#M1488|here]] and [[https://community.infoblox.com/t5/Security/Configuring-SSHD-cipher-suites-in-NIOS-8-x/td-p/10151|here]].
- 
-The NIOS 8.5 admin guide page is [[https://docs.infoblox.com/display/nios85/SSL+and+TLS+Protocols|here]]. (it lists the correlation between TLS and SSH ciphers). 
- 
-The NIOS 8.6 admin guide page is [[https://docs.infoblox.com/space/nios86/203622503/SSL+and+TLS+Protocols|here]]. The set command is [[https://docs.infoblox.com/space/nios86/35480695/set+ssl_tls_ciphers|here]]. 
  
 The NIOS 9.0 admin guide page is [[https://docs.infoblox.com/space/nios90/280266998/SSL+and+TLS+Protocols|here]]. The NIOS 9.0 admin guide page is [[https://docs.infoblox.com/space/nios90/280266998/SSL+and+TLS+Protocols|here]].
Line 25: Line 21:
 You can upload HTTPS certificates in the GUI. Remember to create certificates for the GM and also create certificates for all GMC appliances. You can upload HTTPS certificates in the GUI. Remember to create certificates for the GM and also create certificates for all GMC appliances.
  
-You can use the ''set apache_https_cert'' command to select one of the previously uploaded HTTPS certificates. [[https://docs.infoblox.com/space/nios84/44535599/set+apache_https_cert|Documentation]].+You can use the ''set apache_https_cert'' command to select one of the previously uploaded HTTPS certificates. [[https://docs.infoblox.com/space/nios90/280659117/set+apache_https_cert|Documentation]]
 + 
 +This works at least on NIOS 8.6+.
 ===== List of Needed Ciphers ===== ===== List of Needed Ciphers =====
  
Line 32: Line 30:
   * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  
 +REMEMBER: If you have the reporting server, then as of NIOS 9.0.4 you will need to NOT disable TLS 1.2 because Splunk (which powers the reporting server) doesn't support TLS 1.3 yet.
  
 ===== WARNING ===== ===== WARNING =====
Line 38: Line 37:
   * TLS_RSA_WITH_AES_256_GCM_SHA384   * TLS_RSA_WITH_AES_256_GCM_SHA384
  
-However, I noticed a few days later that I could not access the Reporting tab and just go the following error message.+However, I noticed a few days later that I could not access the Reporting tab (Splunk) and just go the following error message.
 <code>The Reporting App is currently unavailable. <code>The Reporting App is currently unavailable.
 Refresh the status Refresh the status
infoblox_nios/certificates.1718958788.txt.gz · Last modified: by bstafford