Digi TransPort WR11 User Manual page 540

Configuring Secure Sockets Layer (SSL)
Apply to Destination IP Address
Allows the configuration of multiple SSL destinations, each having a different certificate/key
pair. When set, this parameter will lock the SSL client settings to a specific IP address. If this
parameter is left blank, the router uses the configured SSL client settings for any connection
that requires SSL. As is usual with the tables on the configuration web pages, the relevant and
appropriate parameters are selected and the Add button on the right-hand side is clicked to
add the entry into the table. Once an entry has been added, it can be removed by clicking the
Delete button in the right-hand column.
Reject Self-Signed Certificates
If enabled, a self-signed certificate delivered from the remote peer will be rejected unless a
copy of the certificate exists on the router's local flash memory. The file must be named as per
usual CA certificate convention for Digi TransPort routers, which is to prefix the name with ca,
and use the extension .pem or .der. If disabled, the router accepts self-signed certificates
whether or not a local copy of it exists.
3. Click Apply.
Command line
Command
sslcli
sslcli
sslcli
sslcli
sslcli
Digi TransPort® Routers User Guide
Instance Parameter
0-4 certfile
0-4 keyfile
0-4 cipherlist
0-4 insecure
0-4 IPaddr
Values
Up to 12 characters (DOS
8.3 format)
Up to 12 characters (DOS
8.3 format)
Colon-separated list of
ciphers
on, off
Valid IP address
Configure SSL clients
Equivalent web
parameter
Client Certificate
Filename
Client Private Key
Filename
Cipher List
Allow Insecure Ciphers
Apply to Destination IP
Address
540