NetModule NB3000-Line-Hd User Manual page 182

NB3000-Line-Hd User Manual 4.2

| Parameter | Certificate Configuration |
|---|---|
| Expiry period | The number of days a certificate will be valid from now on |
| Key size | The length of the private key in bits |
| DH primes | The number of bits for custom Diffie-Hellman primes |
| Signature | The signature algorithm when signing certificates |
| Passphrase | The passphrase for accessing/opening a private key |

Please be aware that the local random number generator (RNG) provides pretty good randomness for most applications. If stronger cryptography is mandatory, we suggest creating the keys on an external RNG device or managing all certificates completely on a remote certification server. Nevertheless, a local certificate authority can issue and manage all required certificates and also maintain a certificate revocation list (CRL).

When importing keys, the certificate and key file can be uploaded individually, encoded in PEM/DER or PKCS7 format. All files (CA certificate, certificate and private key) can also be uploaded in one stroke by using the container format PKCS12. RSA/DSS keys can be converted from OpenSSH or Dropbear formats. It is possible to specify the passphrase for opening the private key. Please note that the system will generally apply the system-wide certificate passphrase on a key when installing the certificate. Thus, changing the general passphrase will result in all local keys getting equipped with the new one.

SCEP Configuration

If certificates are enrolled by using the Simple Certificate Enrollment Protocol (SCEP), the following settings can be configured:

| Parameter | SCEP Configuration |
|---|---|
| SCEP status | Specifies whether SCEP is enabled or not |
| URL | The SCEP URL, usually in the form http://<host>/<path>/pkiclient.exe |
| CA fingerprint | The fingerprint of the certificate used to identify the remote authority. If left empty, any CA will be trusted. |
| Fingerprint algorithm | The fingerprint algorithm for identifying the CA (MD5 or SHA1) |
| Poll interval | The polling interval in seconds for a certificate request |
| Request timeout | The max. polling time in seconds for a certificate request |
| ID type | Can be IP, Email or DNS |
| Password | The password for the SCEP server |
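Since an empty CA fingerprint field means any CA will be trusted, the value is best computed from a CA certificate obtained out of band and entered explicitly. The following is an added example, not code from the NetModule manual or firmware: it computes the MD5 or SHA1 fingerprint over a certificate's DER encoding and checks it against a configured value. The function names, the colon-separated hex format and the sample bytes are assumptions made for illustration; the page does not state the exact format the device expects.

```python
import base64
import hashlib
import re

ALGORITHMS = ("md5", "sha1")  # the two choices listed in the SCEP table

_PEM = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(blob: bytes) -> bytes:
    """Return DER bytes from a PEM-armoured or raw DER certificate."""
    m = _PEM.search(blob)
    if m is None:
        return blob  # no PEM armour found: treat the input as raw DER
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def fingerprint(blob: bytes, algorithm: str = "sha1") -> str:
    """Colon-separated upper-case hex digest over the DER encoding."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    digest = hashlib.new(algorithm, to_der(blob)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fp: str) -> str:
    """Drop separators and case so pasted fingerprints compare equal."""
    return re.sub(r"[\s:\-]", "", fp).lower()


def ca_matches(blob: bytes, configured: str, algorithm: str = "sha1") -> bool:
    """True only if a non-empty configured fingerprint matches the CA cert."""
    want = normalise(configured)
    if not want:
        # An empty field would mean "trust any CA"; refuse instead of passing.
        raise ValueError("no CA fingerprint configured")
    return normalise(fingerprint(blob, algorithm)) == want


# Constructed stand-in for a CA certificate's DER bytes (not a real certificate).
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for algo in ALGORITHMS:
        print(algo, fingerprint(SAMPLE_PEM, algo))
```

The fingerprint is taken over the DER bytes, so the PEM and DER forms of the same certificate yield the same value.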
