Secure Sockets Layer (Ssl) Certificates; Ieee 802.1X Certificates - Extron electronics IPL EXP Series User Manual

Secure Sockets Layer (SSL) Certificates

Extron control processors and expansion interfaces ship with factory-installed SSL certificates created by
Extron. If you want or are required to use a different SSL certificate at your installation site, then you can use
system utilities in the Toolbelt software to change the SSL certificate at any time. The Toolbelt Help File provides
instructions on how to apply an SSL certificate to a control processor.
NOTES:
• You must run Toolbelt as an administrator.
• Some certificates require a passphrase that is created when the certificate is created. If a passphrase is
required, you must enter that passphrase before uploading and applying the certificate.
Control system expansion interfaces and controllers support standard OpenSSL certificate encodings such as
.pem (Privacy-enhanced Electronic Mail) and .der (Distinguished Encoding Rules) file types. PEM file types are
ASCII encoded and are the required format for uploading to the control processor. DER file types are binary
encoded and can typically have several file extension variations, such as .crt and .cer. There are many standard
tools that can convert from DER to PEM file encodings if needed.
NOTE: A DER format file must be converted to PEM encoding before uploading it to the control processor.
To properly create the certificate for uploading to Extron expansion interfaces and control processors, ensure that
the certificate file meets the following requirements:
•
Contains X.509 certificate information
•
Contains public and private keys
•
Uses PEM encoding
NOTE: ITU-T standard X.509 covers aspects of public key encryption, digital cryptography, certificates, and
validation.
Contact your IT administrator for more information on what tools and policies are required to obtain or create the
SSL certificate and, if necessary, the corresponding passphrase.

IEEE 802.1X Certificates

IEEE 802.1X is a standard that enables port-based network access control via an authentication server. The
protocol requires that all devices must be authenticated before gaining privileges to access the secure part of the
network.
The Extron implementation of 802.1X supports PEAP - MSCHAPV2 and EAP - TLS methods of authentication.
This section of the guide details the requirements for any
(for the machine certificate) to be used in the system.
Extron provides resources for learning about 802.1X implementation:
• The Extron 802.1X Technology Reference Guide, available from www.extron.com, is the primary resource
for background information, system planning, topology, and how to set up these systems.
•
The Toolbelt Help file provides detailed step-by-step information on using the software to set up 802.1X for
IP Link Pro control systems and on troubleshooting.
•
The 802.1X Primer white paper, also available from www.extron.com, provides a general overview of the
protocol and its use within a control system.
NOTES:
• You must run Toolbelt as an administrator.
• Machine certificates require a private key file, which can be encrypted.
certificate file (machine or CA) and the
IPL EXP Power Series • Reference Information
private key file
50