Table of Contents
Advertisement
Certificate
The B050-000 uses the Secure Socket Layer (SSL) protocol for any encrypted network traffic between itself and a
connected client. During the connection establishment the B050-000 has to expose its identity to a client using a
cryptographic certificate. Upon delivery this certificate and the underlying secret key is the same for all B050-000 ever
produced and certainly will not match the network configuration that will be applied to the B050-000 by its user. The
certificate's underlying secret key is also used for securing the SSL handshake. Hence, this is a security risk (but far
better than no encryption at all). However, it is possible to generate and install a new base64 x.509 certificate that is
unique for a particular B050-000. In order to do that, the B050-000 is able to generate a new cryptographic key and the
associated Certificate Signing Request (CSR) that needs to be certified by a certification authority (CA). A certification
authority verifies that you are the person who you claim you are and signs and issues a SSL certificate to you.
To create and install a SSL certificate for the B050-000 the following steps are necessary:
• Create a SSL Certificate Signing Request using the panel shown in Figure 6-30. You need to fill out a
number of fields that are explained below. Once this is done, click on the button "Create" which will
initiate the Certificate Signing Request generation. The CSR can be downloaded to your
administration machine with the"Download CSR" button (see Figure 6-31).
• Send the saved CSR to a CA for certification. You will get the new certificate from the CA after a
traditional authentication process (depending on the CA).
6. Menu Options
Figure 6-30. Certificate Settings
76
Advertisement
Table of Contents
