Ssl Certificates - Siemens RUGGEDCOM ROS User Manual


RUGGEDCOM ROS
User Guide
NOTE
The auto-generation of SSH keys is not available for Non-Controlled (NC) versions of RUGGEDCOM ROS.
• On first boot, RUGGEDCOM ROS will start the SSH and SSL services using the default keys.
• Immediately after boot, RUGGEDCOM ROS will start to generate a unique SSL certificate and SSH key pair, and
save each one to its corresponding flash file. As each one is created, the corresponding service is immediately
restarted with the new keys.
• At any time during the key generation process, custom keys can be uploaded. The custom keys will take
precedence over both the default and auto-generated keys.
• On subsequent boot, if there is a valid ssl.crt file, the default certificate will not be used for SSL. If there is a
valid ssh.keys file, the default SSH key will not be used.
• At any time, new keys may be uploaded or generated by RUGGEDCOM ROS using the sslkeygen or
sshkeygen CLI commands.
CONTENTS
Section 1.2.2.1, "SSL Certificates"
Section 1.2.2.2, "SSH Key Pairs"
Section 1.2.2.1

SSL Certificates

RUGGEDCOM ROS supports SSL certificates that conform to the following specifications:
• X.509 v3 digital certificate format
• PEM format
• For RUGGEDCOM ROS Controlled versions: RSA key pair, 1024, 2048 or 3072 bits; or EC 256, 384 or 521 bits
• For RUGGEDCOM ROS Non-Controlled (NC) versions: RSA key pair, 512 to 2048 bits
The RSA key pair used in the default certificate and in those generated by RUGGEDCOM ROS uses a public key of
1024 bits in length.
NOTE
RSA keys smaller than 2048 bits in length are not recommended. Support is only included here for
compatibility with legacy equipment.
NOTE
The default certificate and keys are common to all RUGGEDCOM ROS versions without a certificate or
key files. That is why it is important to either allow the key auto-generation to complete or to provision
custom keys. In this way, one has at least unique, and at best, traceable and verifiable keys installed
when establishing secure communication with the unit.
The following (bash) shell script fragment uses the openssl command line utility to generate a self-signed X.509
v3 SSL certificate with a 1024 bit RSA key suitable for use in RUGGEDCOM ROS. Note that two standard PEM files
are required: the SSL certificate and the RSA private key file. These are concatenated into the resulting ssl.crt
file, which may then be uploaded to RUGGEDCOM ROS:
# RSA key size:
BITS=1024
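
The following is an added example, not the script from the manual: it builds the combined ssl.crt file described above (PEM certificate followed by PEM private key) with a 2048-bit RSA key, in line with the note on key sizes, and checks the result before upload. The subject name, validity period and function names are assumptions, and the private key is written in whatever PEM form the local openssl emits.

```shell
#!/bin/sh
# Added example (not the manual's script). Names, CN and lifetime are assumptions.
BITS=2048                 # 2048 is accepted by both Controlled and NC versions
CN="ros-switch.example"   # placeholder subject
DAYS=365                  # placeholder validity period

# make_ssl_crt OUTFILE: self-signed certificate + private key in one PEM file.
make_ssl_crt() {
    out=$1
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey "rsa:$BITS" -nodes -days "$DAYS" \
        -subj "/CN=$CN" -keyout "$tmp/key.pem" -out "$tmp/cert.pem" \
        2>/dev/null || { rm -rf "$tmp"; return 1; }
    # Certificate first, then the private key, readable by the owner only.
    ( umask 077; cat "$tmp/cert.pem" "$tmp/key.pem" > "$out" )
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# cert_bits FILE: print the public key size of the certificate in FILE.
cert_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# check_ssl_crt FILE: return 0 only if FILE holds an X.509 v3 certificate,
# a matching private key, and a key of at least 2048 bits.
check_ssl_crt() {
    f=$1
    text=$(openssl x509 -in "$f" -noout -text 2>/dev/null) || {
        echo "no PEM certificate in $f" >&2; return 1; }
    echo "$text" | grep -q 'Version: 3 ' || {
        echo "certificate is not X.509 v3" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$f" -pubout 2>/dev/null) || {
        echo "no PEM private key in $f" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate" >&2; return 1; }
    bits=$(cert_bits "$f")
    [ "${bits:-0}" -ge 2048 ] || {
        echo "key is ${bits:-?} bits; below 2048" >&2; return 1; }
}
```

Running `make_ssl_crt ssl.crt && check_ssl_crt ssl.crt` leaves a file ready for upload; the same check applied to a file exported from a unit still carrying a 1024-bit certificate reports the short key.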
SSL Certificates
Chapter 1
Introduction
5
