Certificate Management; Certificate Requirements - Crestron 3 Series Reference Manual

Certificate Management

Security certificates for 802.1X and other security protocols can be added,
removed, and managed from the console.
The control system supports five types of certificates:
•
•
•
•
•
Certificates can also be managed using the Security Certificates function in
Crestron Toolbox. For more information, refer to the Crestron Toolbox help file.

Certificate Requirements

3-Series control systems support all standard X.509v3 certificates that use the
following:
•
•
20 • 3-Series Control Systems
Root: The Root certificate is used by the control system to validate the
network's authentication server. 3-Series control systems have a variety
of Root certificates, self-signed by trusted CAs (Certificate Authorities),
that are preloaded into the device. Root certificates must be self-signed.
Intermediate: The Intermediate store holds non self-signed certificates
that are used to validate the authentication server. These certificates are
provided by the network administrator if the network does not use
self-signed Root certificates.
Machine: The machine certificate is an encrypted PFX file that is used by
the authentication server to validate the identity of the control system.
The machine certificate will be provided by the network administrator,
along with the certificate password.
NOTE: Only one machine certificate may be stored on the control system
for 802.1X.
WebSocket: A WebSocket certificate is used to validate the network's
authentication server via the WebSocket (WSS) protocol.
User: The User store holds additional certificates not used in the 802.1X
standard.
RSA key with length 2048, 3072, or 4096 bits
Hash Algorithms using SHA-1, SHA-256, SHA-384, or SHA-512
Reference Guide – DOC. 7150B