Wacom Cintiq Pro 32 Manual page 446

• Signature hash algorithm must be SHA-384.
• Public key needs to be an 384 bit elliptic curve key that was generated from the secp384r1
curve (commonly known as the P-384 curve).
• Must be generated as unencrypted .pem files.
Client Certificate Specific Requirements
• Key Usage must be Digital Signature or omitted.
• Self signed certificates are not allowed.
Server Certificate Specific Requirements
• Key Usage must be Key Agreement, Key Encipherment or omitted.
• Self signed certificates are not allowed.

Notes
• The validity period is optional.
• The Certificate Revocation List (CRL) lookup and Online Certificate Status Protocol (OCSP) is not used.
• If certificate key usage has both Digital Signature and Key Agreement (or if certificate has no Key Usage), then it
is possible to use the same certificate on both host and client.
• See samples for Zero Client (client), Remote Workstation Card (server), and Root CA certificates.
• The Generate_Certificate_Script
Unzip and run the example_suiteb_all_gen.sh script (certificates will be created in the certificates folder).
Perform the following configuration steps on the Remote Workstation Card and Zero Client to
establish a secure connection with your custom certificates.
Remote Workstation Card Configuration
1. Login to the Remote Workstation Card AWI.
2. Browse to Upload > Certificate and Upload both the issuer (example_suite_b_root_ca_cert.pem)
and client (example_suite_b_server.pem) certificates.
3. Browse to Configuration > Session.
© 2020 Teradici
Client Certificate Specific Requirements
package has been provided to demonstrate how to generate custom certificates.
446