Add A Certificate; Tls/Ssl - Crestron 3 Series Reference Manual

Add a Certificate

To add a certificate to a certificate store on the control system:
1.
2. Use an SSH console or Crestron Toolbox to copy the certificate file to the
3. Issue the CERTIFicate ADD Certificate_Store <Certificate_Name>

TLS/SSL

3-Series control systems provide support for Transport Layer Security (TLS) and
Secure Sockets Layer (SSL). TLS/SSL is a protocol that provides a secure channel
for communication between two machines. The secure channel is transparent
and passes data through unchanged. The data is encrypted between the client
and the server, but the data the one end writes is exactly what the other end
reads.
NOTE:
set to "off" by default and is set to "self" after authentication is turned on.
To enable TLS/SSL, issue the SSL command:
•
•
NOTE:
For more information, refer to "Server Certificates" on page 22.
Reference Guide – DOC. 7150B
Use an SFTP or SCP client to upload the certificate file (in .cer or .pem
format) to the "\User" directory.
"\ROMDISK\User\Cert" directory.
<Certificate_UID> <Password> command.
Certificate_Store: The certificate store where the certificate file
•
will reside [ROOT|MACHINE|USER|INTERMEDIATE|WEBSOCKET]
Certificate_Name: The name of the certificate file
•
Certificate_UID: The unique identifier of the certificate file
•
Password: The password for the certificate file (machine certificates
•
only)
3-Series control systems only support TLS/SSL over TCP/IP. TLS/SSL is
Syntax: SSL [OFF | SELF | CA] {TLSONLY | TLS1.2ONLY}
OFF: Turns off SSL if it is on
o
SELF: Turns on SSL using a self-signed certificate
o
CA: Turns on SSL using a CA-signed certificate
o
TLSONLY: Implies TLS 1.0, TLS 1.1, or TLS 1.2 is supported for
o
client/server connections
TLS1.2ONLY: Implies that only TLS 1.2 is supported for client/server
o
connections
No parameter: Displays the current setting
o
Example: SSL CA TLS1.2ONLY
When TLS/SSL is enabled, the control system uses a server certificate.
3-Series Control Systems • 21