Client Certificates - 3Com V7122 User Manual
Hide thumbs
Also See for V7122:
- User manual (266 pages) ,
- Installation manual (58 pages) ,
- User manual manual (496 pages)
Table of Contents
Advertisement
Figure 111 Example of a Base64-Encoded X.509 Certificate
-----BEGIN CERTIFICATE-----
MIIDkzCCAnugAwIBAgIEAgAAADANBgkqhkiG9w0BAQQFADA/MQswCQYDVQQGEwJG
UjETMBEGA1UEChMKQ2VydGlwb3N0ZTEbMBkGA1UEAxMSQ2VydGlwb3N0ZSBTZXJ2
ZXVyMB4XDTk4MDYyNDA4MDAwMFoXDTE4MDYyNDA4MDAwMFowPzELMAkGA1UEBhMC
RlIxEzARBgNVBAoTCkNlcnRpcG9zdGUxGzAZBgNVBAMTEkNlcnRpcG9zdGUgU2Vy
dmV1cjCCASEwDQYJKoZIhvcNAQEBBQADggEOADCCAQkCggEAPqd4MziR4spWldGR
x8bQrhZkonWnNm`+Yhb7+4Q67ecf1janH7GcN/SXsfx7jJpreWULf7v7Cvpr4R7qI
JcmdHIntmf7JPM5n6cDBv17uSW63er7NkVnMFHwK1QaGFLMybFkzaeGrvFm4k3lR
efiXDmuOe+FhJgHYezYHf44LvPRPwhSrzi9+Aq3o8pWDguJuZDIUP1F1jMa+LPwv
REXfFcUW+w==
-----END CERTIFICATE-----
Before continuing, set the parameter HTTPSOnly = 0 to ensure you have a method of
6
accessing the device in case the new certificate doesn't work. Restore the previous
setting after testing the configuration.
In the Certificate screen
7
Click
, navigate to the cert.txt file, and then click
Browse
8
When the operation is completed, save the configuration (see
9
restart the gateway; the Embedded Web Server uses the provided certificate.
•
The certificate replacement process can be repeated when necessary (for
example, the new certificate expires).
•
It is possible to use the IP address of the gateway (for example, 10.3.3.1)
instead of a qualified DNS name in the Subject Name. This practice is not
recommended since the IP address is subject to changes and may not
uniquely identify the device.
•
The server certificate can also be loaded using ini file using the parameter
'HTTPSCertFileName'.
Client Certificates
By default, Web servers using SSL provide one-way authentication. The client is certain that
the information provided by the Web server is authentic. When an organizational PKI is used,
two-way authentication may be desired: both client and server should be authenticated using
X.509 certificates. This is achieved by installing a client certificate on the managing PC, and
loading the same certificate (in base64-encoded X.509 format) to the gateway Trusted Root
Certificate Store. The Trusted Root Certificate file should contain both the certificate of the
authorized user and the certificate of the CA.
Since X.509 certificates have an expiration date and time, the gateway must be configured to
use NTP (See
Simple Network Time Protocol
Without a correct date and time, client certificates cannot work.
348
(Figure
110) locate the server certificate loading section.
Support) to obtain the current date and time.
.
Send File
Saving
Configuration) and
V7122 GatewayUser Guide
Advertisement
Table of Contents
Need help?
Do you have a question about the V7122 and is the answer not in the manual?
Questions and answers