Raritan Computer SX8 用户手册
C
HAPTER
4:
C
ONSOLE
F
EATURES
49
Certificate
Overview
The Certificate configuration screen provides an area for Administrators to define security parameters.
Dominion SX supports certificate-based server authentication to establish an encrypted SSL session and to
assure the user that they are dealing with a correct web site. The encrypted SSL session, always through
HTTPS connection, ensures that personal information sent over the network is secure. Dominion SX
supports SSL 128-bit encryption, and will negotiate with the client only at the specified security strength.
The unit can act as a Certifying Authority and generate both self-signed CA Certificate and the Server
Certificate. The certificate generated uses a 1024-bit public key.
The Certificate configuration screen provides an area for Administrators to define security parameters.
Dominion SX supports certificate-based server authentication to establish an encrypted SSL session and to
assure the user that they are dealing with a correct web site. The encrypted SSL session, always through
HTTPS connection, ensures that personal information sent over the network is secure. Dominion SX
supports SSL 128-bit encryption, and will negotiate with the client only at the specified security strength.
The unit can act as a Certifying Authority and generate both self-signed CA Certificate and the Server
Certificate. The certificate generated uses a 1024-bit public key.
Figure 49 Certificate Tab Display
Configuration
When the user powers up the unit for the first time, an SSL certificate associated with the default IP address
192.168.0.192 is generated. When the user tries to connect to the unit, a Security Alert is displayed because
the CA root certificate is not installed in the browser. Click on the [Yes] button to continue the
Configuration process, and configure the unit. Please refer to Appendix C: Certificates for more
information on how to install the certificate into the browser to prevent the security alert window from
appearing. After the configuration is completed, the unit reboots. The server certificate is generated once
again, this time for the new IP address assigned to the unit.
When the user powers up the unit for the first time, an SSL certificate associated with the default IP address
192.168.0.192 is generated. When the user tries to connect to the unit, a Security Alert is displayed because
the CA root certificate is not installed in the browser. Click on the [Yes] button to continue the
Configuration process, and configure the unit. Please refer to Appendix C: Certificates for more
information on how to install the certificate into the browser to prevent the security alert window from
appearing. After the configuration is completed, the unit reboots. The server certificate is generated once
again, this time for the new IP address assigned to the unit.
Certificate Generation
Dominion SX provides different methods of generating certificates.
Dominion SX provides different methods of generating certificates.
•
Default (or Self-Signed) Certificate: By default, the unit ships with a self-signed certificate signed by
Raritan Computer. The certificate strength is 1024-bits and the certificate is valid for one year.
•
User Certificate: This method allows the installation of a user-generated certificate, which can be in
one the following forms:
−
User certificate generated from the CSR (Certificate Signing request) form. Clicking the
“Generate CSR” button generates a CSR. In this case, only the certificate is installed into the unit.
The certificate is compared with the private key (already generated) before it is installed into the
unit.
The certificate is compared with the private key (already generated) before it is installed into the
unit.
−
User Certificate and private key (without pass-phrase) generated by a trusted third-party are
installed into the unit.
Once the certificates are installed, the unit will automatically reboot so that the certificates take effect.
There is an option that allows users to select either the self-generated or user-installed certificate at any
time. Once installed, certificates are maintained in the unit. A status indicator at the top of the Certificate
screen indicates the unit’s Certificate status, which might be:
There is an option that allows users to select either the self-generated or user-installed certificate at any
time. Once installed, certificates are maintained in the unit. A status indicator at the top of the Certificate
screen indicates the unit’s Certificate status, which might be:
•
Active default certificate.
•
Active user certificate.