Tripp Lite B050-000 Manual De Usuario
Chapter 6. Menu Options
Certificate
Figure 6-30. Certificate Settings
The B050-000 uses the Secure Socket Layer (SSL) protocol for any encrypted network
traffic between itself and a connected client. During the connection establishment
the B050-000 has to expose its identity to a client using a cryptographic certificate.
Upon delivery this certificate and the underlying secret key is the same for all B050-
000 ever produced and certainly will not match the network configuration that will
be applied to the B050-000 by its user. The certificate’s underlying secret key is also
used for securing the SSL handshake. Hence, this is a security risk (but far better than
no encryption at all).
traffic between itself and a connected client. During the connection establishment
the B050-000 has to expose its identity to a client using a cryptographic certificate.
Upon delivery this certificate and the underlying secret key is the same for all B050-
000 ever produced and certainly will not match the network configuration that will
be applied to the B050-000 by its user. The certificate’s underlying secret key is also
used for securing the SSL handshake. Hence, this is a security risk (but far better than
no encryption at all).
However, it is possible to generate and install a new base64 x.509 certificate that is
unique for a particular B050-000. In order to do that, the B050-000 is able to generate
a new cryptographic key and the associated Certificate Signing Request (CSR) that
needs to be certified by a certification authority (CA). A certification authority verifies
that you are the person who you claim you are and signs and issues a SSL certificate
to you.
unique for a particular B050-000. In order to do that, the B050-000 is able to generate
a new cryptographic key and the associated Certificate Signing Request (CSR) that
needs to be certified by a certification authority (CA). A certification authority verifies
that you are the person who you claim you are and signs and issues a SSL certificate
to you.
To create and install a SSL certificate for the B050-000 the following steps are neces-
sary:
sary:
•
Create a SSL Certificate Signing Request using the panel shown in Figure 6-30.
You need to fill out a number of fields that are explained below. Once this is done,
click on the button “Create” which will initiate the Certificate Signing Request gen-
eration. The CSR can be downloaded to your administration machine with the
“Download CSR” button (see Figure 6-31).
You need to fill out a number of fields that are explained below. Once this is done,
click on the button “Create” which will initiate the Certificate Signing Request gen-
eration. The CSR can be downloaded to your administration machine with the
“Download CSR” button (see Figure 6-31).
•
Send the saved CSR to a CA for certification. You will get the new certificate from
the CA after a more or less complicated traditional authentication process (depend-
ing on the CA).
the CA after a more or less complicated traditional authentication process (depend-
ing on the CA).
77