USB Deviceserver User Manual macOS
6.6 How to Use Certificates
The UTN server has its own certificate management. Digital certificates are data sets that confirm the identity
of a person, object, or organization. In TCP/IP networks they are used to encrypt data and to authenticate
communication partners.
The UTN needs a certificate for:
• participating in the authentication mechanisms EAP-TLS, EAP-TTLS and PEAP
• protecting email communication (POP3/SMTP via SSL/TLS)
• protecting the connection between the clients and the connected USB devices
• protecting the connection to the utnserver Control Center (with HTTPS)
The following certificates can be used in the UTN server:
• 1 self-signed certificate
Certificate generated by the UTN server and signed by the UTN server itself. The certificate confirms the UTN
server's identity.
• 1 client certificate, i.e. 1 requested certificate or 1 PKCS#12 certificate
The client certificate confirms the identity of the UTN server with the help of an additional trustworthy
authority, the certification authority (CA for short).
- Requested certificate: As a first step, a certificate request is generated on the UTN server and then the request
is sent to a certification authority. In the second step, the certification authority creates a certificate based
on the request for the UTN server and signs it.
- PKCS#12 certificate: Exchange format for certificates. You have a certification authority generate a certificate
which is stored in password-protected PKCS#12 format for the UTN server. Then you transport the PKCS#12
file to the UTN server and install it (and thus the certificate in it).
• 1 S/MIME certificate
The UTN server uses the S/MIME certificate to sign and encrypt emails which it sends. The corresponding
private key (PKCS#12 format) has to be installed as a certificate of its own in the email program (Mail etc.) so that
emails can be verified and, if necessary, decrypted.
• 1–32 CA certificates, also known as root CA certificates
Certificates which are issued for a certification authority and confirm its identity. They are used for verifying
certificates that have been issued by the respective certification authority. In the case of the UTN server these are
the certificates of communication partners, which are verified to confirm their identity (chain of trust). Thus multi-level public key
infrastructures (PKIs) are supported.
Important:
Upon delivery, a default certificate is stored in the UTN server. This certificate is
issued by SEH Computertechnik GmbH for each device specifically.
• Having a Look at Certificates
• Saving a Certificate Locally
• Creating a Self-Signed Certificate
• Request and Install Certificate (Requested Certificate)
• Installing a PKCS#12 Certificate
• Installing an S/MIME Certificate (myUTN-2500 only)
• Installing a CA Certificate
• Deleting Certificates
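
Added example (not part of the SEH manual): a shell sketch, run on a workstation with the OpenSSL command line, that reproduces the self-signed and the requested (CA-signed) certificate types described above and shows how a locally saved certificate can be told apart. All subjects, file names and the CA are constructed for the demonstration, and `classify_cert` is a hypothetical helper.

```sh
#!/bin/sh
# Added example; subjects, file names and the CA below are constructed.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# classify_cert CERT [CA_FILE]   (hypothetical helper)
# Prints one of: self-signed | ca-verified | untrusted
classify_cert() {
  subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
  # Self-signed: subject equals issuer and the signature verifies under its own key.
  if [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
    echo self-signed
  # CA-issued: the chain verifies against the supplied CA certificate.
  # (openssl verify may additionally consult the system default trust store.)
  elif [ -n "${2:-}" ] && openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo ca-verified
  else
    echo untrusted
  fi
}

# Self-signed certificate: the key holder signs its own certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=utn-self.example" \
  -keyout "$work/self.key" -out "$work/self.pem" 2>/dev/null

# Constructed root CA standing in for the certification authority.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Root CA" \
  -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null

# Requested certificate, step 1: generate the certificate request (CSR).
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=utn-requested.example" \
  -keyout "$work/dev.key" -out "$work/dev.csr" 2>/dev/null
# Step 2: the CA creates a certificate from the request and signs it.
openssl x509 -req -in "$work/dev.csr" -CA "$work/ca.pem" -CAkey "$work/ca.key" \
  -CAcreateserial -days 30 -out "$work/dev.pem" 2>/dev/null

echo "self.pem:               $(classify_cert "$work/self.pem" "$work/ca.pem")"
echo "dev.pem with CA cert:   $(classify_cert "$work/dev.pem" "$work/ca.pem")"
echo "dev.pem without CA cert: $(classify_cert "$work/dev.pem")"
```

The last line shows why the matching CA certificate has to be installed on the verifying side: without it, a correctly issued certificate cannot be validated.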