Installing The Certificate And Key - GE D400 Hardware User Manual

Substation gateway

Hide thumbs Also See for D400:

Instruction manual (192 pages)

Quick start manual (3 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

page of 124

/ 124
Contents
Table of Contents
Bookmarks

Table of Contents

SETTING UP SECURE WEB ACCESS

To obtain a security

certificate and private

key

Installing the certificate and key

To install using Secure

Copy

To install from the

USB drive

To obtain a certificate, you need to create and send a Certificate Signing Request (CSR) to

the CA. At the same time you create the CSR, you will also be creating a private key. The

CSR and the provided certificate and private key are supplied in individual text files,

typically named server.csr, server.crt and server.key respectively.

Contact a certification authority to request a certificate and to create your private key.

When making your CSR request, provide the host name of the D400 (the full name that

users will enter in the Web browser to connect to the D400) for the certificate's "Common

Name", and specify a non-encrypted private key file.

When you receive your certificate and private key, you should create a back up copy and

store it in a secure place other than the D400.

Once you have obtained your security certificate and private key, you can install them on

the D400 in two ways:

•

Secure Copy - requires a PC with an installed Secure Copy Program (SCP) and a

network connection to the D400

•

USB Portable Memory Device - requires local access to the D400

Before installing the certificate and key, check that the files are named as follows and

rename if necessary:

•

Certificate is server.crt

•

Private key is server.key

Start the Secure Copy Program.

Connect to and log in to the D400 using your network connection.

Using the Secure Copy Program, copy the server.crt and server.key files to the

following directory on the D400: /mnt/usr/D400_SysConfig/Certificate

Reboot the D400. See "Shutting down the D400" on page 98.

Copy the server.crt and server.key files to the root directory of the USB drive.

Insert the USB drive into one of the front USB ports on the D400.

Start a terminal session and log in to the D400.

At the D400 command prompt, enter the following commands:

mkdir /mnt/usbdrive

mount -t vfat /dev/sda1 /mnt/usbdrive

cp /mnt/usbdrive/server.crt /mnt/usr/_SysConfig/Certificate

cp /mnt/usbdrive/server.key /mnt/usr/_SysConfig/Certificate

sync

umount /dev/sda1

Remove the USB drive.

Reboot the D400. See "Shutting down the D400" on page 98.

Since a USB drive could be lost or stolen, it is recommended you remove the private key

and certificate from the USB drive once you are done installing them on the D400.

Once you have installed and set up your security certificate, your secure Web access with

the D400 is enabled. From this point on, whenever you access the D400 HMI using a Web

browser, the D400 will automatically send you its Web site certificate, and your Web

browser will display a lock icon on the status bar. This indicates that you have a secure

connection with the D400.

GENERAL

D400 SUBSTATION GATEWAY USER'S MANUAL

CHAPTER 6: SETTING UP THE D400

Table of Contents

Installing The Certificate And Key - GE D400 Hardware User Manual

Installing the certificate and key

Related Manuals for GE D400

Related Content for GE D400

Table of Contents