Crestron 3 Series Reference Manual page 28

Load the Certificate Files
Once the CA validates the request.csr file, the CA issues the validated certificate
to the requestor. The following certificate files are required for deployment on
the control system:
•
•
To upload the CA-signed certificate to the control system:
1.
2. Use an SCP or SFTP client to copy the two certificate files to the \User
3. Connect to the control system via SSH or Crestron Toolbox.
4. Issue the delete \Sys\rootCA_cert.cer and delete
5. Issue the move \User\rootCA_cert.cer \Sys and move
Enable TLS/SSL with the CA-Signed Certificate
To enable TLS/SSL with the CA-signed certificate:
1.
2. Issue the reboot command to reboot the control system.
Externally-Signed Certificates
The following procedures are used to load an externally-signed certificate to the
control system.
The following certificate files are required for deployment on the control system.
These files are generally provided by the IT administrator:
•
•
•
24 • 3-Series Control Systems
Signed CA-signed certificate in .cer format (base-64 encoded)
Certification chain (concatenation of the issuing CA and its CA) in .cer
format (base-64 encoded)
Rename the three certificate files as follows:
Rename the signed certificate file to "srv_cert.cer".
•
Rename the certification chain file to "rootCA_cert.cer".
•
directory on the control system.
\Sys\srv_cert.cer, commands to delete any existing certificate files.
\User\srv_cert.cer \Sys commands to move the new certificate files
to the \Sys directory.
Issue the SSL CA command in the control system console.
Private key in .pem format
Signed CA-signed certificate in .cer format (base-64 encoded)
Certification chain (concatenation of the issuing CA and its CA) in .cer
format (base-64 encoded)
Reference Guide – DOC. 7150B