Digi Connect WAN Series User Manual page 149

Digi Connect WAN Family web interface
Security type: Secure Shell (SSHv2)
Behavior of SSH/SSL private keys on Digi device
Digi devices generate their SSH/SSL self-signed private keys automatically. While this automatic
generation is convenient for device users, as they are not required to perform any actions regarding the
private keys, it presents some security loopholes.
- With self-signed private keys, you must establish trust in a secure environment. That is, if you
  cannot guarantee that the environment is secure, you must pull the private keys off the Digi
  device.
- You must know about the certificate before you connect, as opposed to third-party signed
  certificates, where you only need the third-party certificate.
- The length of a Digi device's self-signed private keys is 1024 bits. While this length is adequate
  for 99.9% of all applications, some people or applications prefer a shorter or longer key.
Using TFTP to load and store certificate information
Use TFTP to load and store PEM-formatted certificates into the certificate and private key
management tables.
Using HTTP/HTTPS to transfer certificate and key data
You can use HTTP or HTTPS to transfer certificate and private key data on a web browser.
Data retained after factory reset
When you reset a Digi device to factory defaults, it retains certificates and private key data loaded
onto it.
Certificate management settings
There are separate pages of settings for the certificate databases and key management for
certificates and key data for the different types of security implementations.
Certificate Authorities (CAs) / Certificate Revocation Lists (CRLs)
Upload CAs and CRLs
Use this section to upload and manage certificate authority (CA) certificates, or certificate revocation
list (CRL) files. You can install up to 8 CA certificates and up to 8 CA revocations. You can also obtain CA
certificates from a SCEP server. You can install up to 8 SCEP CA certificates.
You can use files in ASN.1 DER or PEM Base64 encoded formats. Click Choose File and type or browse to
the name of the file to upload. Click the Upload button to upload the file.
Digi Connect WAN Family User Guide
Table: SSH Host Keys Table
Used to load: SSHv2 identity private keys. Used for authentication with SSHv2 clients and secure
key exchange. A default 1024-bit DSA key is generated automatically if none exists when the
device boots. There is no certificate for SSHv2, just private key data.
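A check that follows from the key-behavior notes and the SSH Host Keys entry above, as an added example that is not part of the Digi manual: it parses host key lines in the `host keytype base64` format printed by `ssh-keyscan`, reports the key size, and computes the SHA256 fingerprint to compare out of band before the first connection. The 2048-bit floor, the function names and the sample lines (constructed values on documentation addresses, not real keys) are assumptions.

```python
import base64, hashlib, struct

MIN_BITS = 2048  # assumed policy floor; the device default described above is 1024-bit DSA

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i < len(blob):
        if i + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[i:i + 4])
        if i + 4 + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def audit_host_key(line):
    """Audit one 'host keytype base64' line (ssh-keyscan / known_hosts format)."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    f = _fields(blob)
    if not f or f[0].decode("ascii", "replace") != keytype:
        raise ValueError("key type label does not match key blob")
    # Size-defining field: ssh-dss = (type, p, q, g, y); ssh-rsa = (type, e, n)
    idx = {"ssh-dss": 1, "ssh-rsa": 2}.get(keytype)
    bits = int.from_bytes(f[idx], "big").bit_length() if idx else None
    # OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    weak = bits is not None and bits < MIN_BITS
    return {"host": host, "type": keytype, "bits": bits, "fingerprint": fp, "weak": weak}

def _s(b):
    return struct.pack(">I", len(b)) + b

def _mpint(n):
    """Encode a positive integer as an SSH mpint (leading zero if high bit set)."""
    return _s(n.to_bytes(n.bit_length() // 8 + 1, "big"))

# Constructed sample lines: field sizes are realistic, values are NOT real key material.
_dsa = _s(b"ssh-dss") + _mpint((1 << 1023) | 1) + _mpint((1 << 159) | 1) + _mpint(2) + _mpint(3)
_rsa = _s(b"ssh-rsa") + _mpint(65537) + _mpint((1 << 2047) | 1)
SAMPLE_LINES = [
    "192.0.2.10 ssh-dss " + base64.b64encode(_dsa).decode(),
    "192.0.2.11 ssh-rsa " + base64.b64encode(_rsa).decode(),
]

if __name__ == "__main__":
    for entry in map(audit_host_key, SAMPLE_LINES):
        print(entry)
```

Compare the reported fingerprint with one read from the device over a trusted path before accepting the host key.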
Administration