NetModule NB3700 User Manual page 155

Hide thumbs Also See for NB3700:

User manual (225 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

page of 194

/ 194
Contents
Table of Contents
Bookmarks

Table of Contents

Parameter

Common Name (CN)

E-Mail

Expiry period

Key size

Passphrase

Please be aware of the fact, that the local random number generator (RNG) provides

pretty good randomness for most applications. If stronger cryptography is mandatory,

we suggest to create the keys at an external RNG device or manage all certiﬁcates com-

pletely on a remote certiﬁcation server. Nevertheless, using a local certiﬁcate authority

can issue and manage all required certiﬁcates and also run a certiﬁcate revokation list

(CRL).

When importing keys, the certiﬁcate and key ﬁle can be uploaded individually encoded

in PEM/DER or PKCS7 format. All ﬁles (CA certiﬁcate, certiﬁcate and private key)

can also be uploaded in one stroke by using the container format PKCS12. RSA/DSS

keys can be converted from OpenSSH or Dropbear formats. It is possible to specify the

passphrase for opening the private key. Please note that the system will generally apply

the system-wide certiﬁcate passphrase on a key when installing the certiﬁcate. Thus,

changing the general passphrase will result in all local keys getting equipped with the

new one.

SCEP Conﬁguration

If certiﬁcates are getting enrolled by using the Simple Certiﬁcate Enrollment Protocol

(SCEP) the following settings can be conﬁgured:

Parameter

SCEP status

URL

CA ﬁngerprint

Fingerprint algorithm

Poll interval

NB3700 User Manual 3.8

Certiﬁcate Conﬁguration

The certiﬁcate owner's common name, mainly used to iden-

tify a host

The certiﬁcate owner's email address

The number of days a certiﬁcate will be valid from now on

The length of the private key in bit

The passphrase for accessing/opening a private key

SCEP Conﬁguration

Speciﬁes whether SCEP is enabled or not

The

SCEP

URL,

http://<host>/<path>/pkiclient.exe

The ﬁngerprint of the certiﬁcate used to identify the remote

authority. If left empty, any CA will be trusted.

The ﬁngerprint algorithm for identifying the CA (MD5 or

SHA1)

The polling interval in seconds for a certiﬁcate request

155

usually

the

form

Table of Contents

Show Quick Links

Quick Links:
Features

Hide quick links:

Table of Contents

NetModule NB3700 User Manual page 155

Hide quick links:

Related Manuals for NetModule NB3700

Related Products for NetModule NB3700

Table of Contents