Certificate Management; Host Key Type; Combination Of Key And Certificate - ABB EDS500 Series Function Manual

Ethernet & dsl switches

Hide thumbs Also See for EDS500 Series:

Manual (46 pages)

Operating instruction (7 pages)

Operating instructions manual (6 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

page of 156

/ 156
Contents
Table of Contents
Bookmarks

Table of Contents

Certificate Management

2.36

Certificate Management

For secure webserver (HTTPS) functionality the EDS500 managed switches requires a

compatible combination of EC key (Eliptic Curve key) and certificate.

In delivery state each EDS500 managed switches has stored its EC key (device key) and its

certificate (device certificate - self-signed) generated from the EC key. This combination is

valid and can be used for the HTTPS functionality.

The usage of the devices' EC key and the devices' certificate (self-signed) is the easiest

way for a HTTPS connection. However, the certificate of each individual device must be

downloaded and integrated into the browser. That can be very complex when managing a

large number of browsers and workstations.

The EC key and certificate can also be generated externally and loaded onto the device. This

enables the use of customer generated keys (external key) and/or certificates (external

certificates).

Every combination of device and external keys and certificates have their advantages.

• Device EC key and device certificate (default state)

• Device EC key and external certificate (CSR)

• External EC key and device certificate

• External EC key and external certificate (CSR or external generated)

The latter combination allows two possibilities. The following chapter describes the

combinations and list.

Generally it should be noted that the activation of certificates takes place directly after the

upload via the web interface. A restart of the device is not necessary.

2.36.1

Host Key Type

The EDS500 managed switches supports only EC (Elliptic curve) keys.

This key is standarized by the name:

• Secp256r1 (SEC 2)

• prime256v1 (X9.62/SECG)

• NIST P-256 (NIST)

The key length has to be 256 bit.

2.36.2

Combination of Key and Certificate

From a technical point of view, the device allows five different ways of using or generating

keys and certificates. Depending on requirements of cyber security and the operating

comfort, the following options are available.

112

Functions

1KGT151021 V000 1

Table of Contents

Show Quick Links

Quick Links:
Configuration Via the Serial Interface

Hide quick links:

Table of Contents

Certificate Management; Host Key Type; Combination Of Key And Certificate - ABB EDS500 Series Function Manual

Certificate Management

Host Key Type

Combination of Key and Certificate

Hide quick links:

Related Manuals for ABB EDS500 Series

Related Content for ABB EDS500 Series

Table of Contents