NetModule NB3710 User Manual page 186

Hide thumbs Also See for NB3710:

User manual (196 pages)

User manual (211 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

Table of Contents

NB3710

User Manual for NRSW version 4.4

Parameter

Country (C)

Common Name (CN)

E-Mail

Expiry period

Key size

DH primes

Signature

Passphrase

Please be aware of the fact, that the local random number generator (RNG) provides pretty good

randomness for most applications. If stronger cryptography is mandatory, we suggest to create the

keys at an external RNG device or manage all certiﬁcates completely on a remote certiﬁcation server.

Nevertheless, using a local certiﬁcate authority can issue and manage all required certiﬁcates and also

run a certiﬁcate revokation list (CRL).

When importing keys, the certiﬁcate and key ﬁle can be uploaded individually encoded in PEM/DER

or PKCS7 format. All ﬁles (CA certiﬁcate, certiﬁcate and private key) can also be uploaded in one

stroke by using the container format PKCS12. RSA/DSS keys can be converted from OpenSSH or

Dropbear formats. It is possible to specify the passphrase for opening the private key. Please note

that the system will generally apply the system-wide certiﬁcate passphrase on a key when installing

the certiﬁcate. Thus, changing the general passphrase will result in all local keys getting equipped with

the new one.

SCEP Conﬁguration

If certiﬁcates are getting enrolled by using the Simple Certiﬁcate Enrollment Protocol (SCEP) the

following settings can be conﬁgured:

Parameter

SCEP status

URL

CA ﬁngerprint

Fingerprint algorithm

Poll interval

Request timeout

ID type

Password

Certiﬁcate Conﬁguration

The certiﬁcate owner's country (usually a TLD abbreviation)

The certiﬁcate owner's common name, mainly used to identify a host

The certiﬁcate owner's email address

The number of days a certiﬁcate will be valid from now on

The length of the private key in bits

The number of bits for custom Difﬁe-Hellman primes

The signature algorithm when signing certiﬁcates

The passphrase for accessing/opening a private key. This passphrase

is initialized to a random string the ﬁrst time you log in. (see 5.1.1)

SCEP Conﬁguration

Speciﬁes whether SCEP is enabled or not

The

SCEP

URL,

http://<host>/<path>/pkiclient.exe

The ﬁngerprint of the certiﬁcate used to identify the remote authority.

If left empty, any CA will be trusted.

The ﬁngerprint algorithm for identifying the CA (MD5 or SHA1)

The polling interval in seconds for a certiﬁcate request

The max. polling time in seconds for a certiﬁcate request

Can be IP, Email or DNS

The password for the scep server.

186

usually

the

form

Table of Contents

NetModule NB3710 User Manual page 186

Need help?

Questions and answers

Related Products for NetModule NB3710

This manual is also suitable for:

NetModule NB3710 User Manual page 186

Need help?

Questions and answers

Related Manuals for NetModule NB3710

Related Products for NetModule NB3710

This manual is also suitable for:

Table of Contents