Grandstream Networks GWN7000 Configuration Manual page 13

Key Length
Digest Algorithm
Lifetime (days)
Country Code
State or Province
City
Organization
Email Address
d. Click on
e. Click on
Click on
f.
Click on to revoke the client certificate if no longer needed.
The client certificates (".crt" and ".key") will be used by clients connected to the GWN7000 in order to
establish TLS handshake.
Notes:
•
Client certificates generated from the GWN7000 need to be uploaded to the clients.
•
For security improvement, each client needs to have his own username and certificate, this way
even if a user is compromised, other users will not be affected.
Choose the key length for generating the client certificate.
Following values are available:
•
1024: 1024-bit keys are no longer sufficient to protect
against attacks. Not recommended.
•
2048: 2048-bit keys are a good minimum. Recommended.
•
4096: 4096-bit keys are accepted by nearly all RSA
systems. Using 4096-bit keys will dramatically increase
generation time, TLS handshake delays, and CPU usage for
TLS operations.
Choose the digest algorithm:
•
SHA1: This digest algorithm provides a 160-bit fingerprint
output based on arbitrary length input.
•
SHA-256: This digest algorithm generates an almost-
unique, fixed size 256-bit (32-byte) hash. Hash is a one-way
function – it cannot be decrypted back
Enter the validity date for the client certificate in days.
In our example, set to "120".
Select a country code from the dropdown list.
In our example, set to "MA".
Enter a state name or province.
In our example, set to "Casablanca".
Enter a city name.
In our example, set to "Casablanca".
Enter the organization name.
In our example, set to "GS".
Enter an email address.
In our example, set to "user@grandstream.com".
after completing all the fields for the client certificate.
to export the client certificate file in ".crt" format.
to export the client key file in ".key" format.
GWN7000 VPN Guide
P a g e | 13