Lantronix 900-598 Obtaining Certificates, Self-Signed Certificates, Certificate Formats, OpenSSL


14: Security in Detail

the exception of the root CA. This way, trust is transferred along the chain, from the root CA through any number of intermediate authorities, ultimately to the agent that needs to prove its authenticity.

Obtaining Certificates

Signed certificates are typically obtained from well-known CAs, such as VeriSign. This is done by submitting a certificate request to a CA, typically for a fee. The CA will sign the certificate request, producing a certificate/key combo: the certificate contains the identity of the owner and the public key, and the private key is available separately for use by the owner.

As an alternative to acquiring a signed certificate from a CA, you can act as your own CA and create self-signed certificates. This is often done for testing scenarios, and sometimes for closed environments where the expense of a CA-signed root certificate is not necessary.

Self-Signed Certificates

A few utilities exist to generate self-signed certificates or sign certificate requests. The PremierWave XC also has the ability to generate its own self-signed certificate/key combo. You can use XML to export the certificate in PEM format, but you cannot export the key. Hence the internal certificate generator can only be used for certificates to identify that particular PremierWave XC.

Certificate Formats

Certificates and private keys can be stored in several file formats. The best known are PKCS12, DER and PEM. The certificate and key can be in the same file or in separate files. Additionally, the key can either be encrypted with a password or left in the clear. However, the PremierWave XC currently only accepts separate PEM files, with the key unencrypted.

Several utilities exist to convert between the formats.

OpenSSL

OpenSSL is a widely used open source set of SSL-related command line utilities. It can act as server or client. It can also generate or sign certificate requests, and can convert to and from several different formats.

OpenSSL is available in binary form for Linux and Windows. To generate a self-signed RSA certificate/key combo:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mp_key.pem -out mp_cert.pem

See www.openssl.org or www.madboa.com/geek/openssl for more information.

Note: Signing other certificate requests is also possible with OpenSSL but the details of this process are outside the scope of this document.
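
Added example (not from the Lantronix guide): a shell pre-upload check for the constraint stated under Certificate Formats, that the PremierWave XC accepts only separate PEM files with the key unencrypted, together with the OpenSSL conversion from a PKCS12 bundle. The function names and file arguments are assumptions made for illustration, and the check reads PEM header lines only.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any Lantronix tool.
# Header matching only: the base64 body is not decoded or validated.

# pem_kind FILE -> prints cert | key-clear | key-encrypted | combined | not-pem
pem_kind() {
    f=$1; has_cert=0; has_key=0; enc=0
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then has_cert=1; fi
    # Matches PKCS#8 ("PRIVATE KEY") and traditional ("RSA PRIVATE KEY") headers.
    if grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f"; then has_key=1; fi
    # Encrypted keys: PKCS#8 encrypted header, or a traditional Proc-Type line.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$f"; then enc=1; fi
    if [ "$has_cert" = 1 ] && [ "$has_key" = 1 ]; then echo combined
    elif [ "$has_cert" = 1 ]; then echo cert
    elif [ "$has_key" = 1 ] && [ "$enc" = 1 ]; then echo key-encrypted
    elif [ "$has_key" = 1 ]; then echo key-clear
    else echo not-pem   # DER and PKCS12 files are binary and land here
    fi
}

# check_upload_pair CERT KEY -> status 0 only when CERT holds just a
# certificate and KEY holds just an unencrypted private key.
check_upload_pair() {
    ck=$(pem_kind "$1"); kk=$(pem_kind "$2")
    if [ "$ck" != cert ]; then
        echo "certificate file is '$ck', expected 'cert'" >&2; return 1
    fi
    if [ "$kk" != key-clear ]; then
        echo "key file is '$kk', expected 'key-clear'" >&2; return 1
    fi
    return 0
}

# split_pkcs12 BUNDLE CERT_OUT KEY_OUT: convert a PKCS12 bundle into the two
# files described above. openssl prompts for the bundle's import password.
# The key is written in the clear, so it is created readable by the owner only.
split_pkcs12() {
    openssl pkcs12 -in "$1" -clcerts -nokeys -out "$2" &&
    ( umask 077; openssl pkcs12 -in "$1" -nocerts -nodes -out "$3" )
}

# Stand-alone use: sh check.sh mp_cert.pem mp_key.pem
if [ "$#" -eq 2 ]; then check_upload_pair "$1" "$2"; fi
```

The key file produced this way is the private key in the clear, so keep the working copy on a protected host and remove it once the upload is done.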

PremierWave XC User Guide


900-598 specifications

The Lantronix 900-598 is a powerful and versatile device designed to facilitate robust data communication and management for industrial and commercial applications. At the heart of the 900-598 lies its advanced networking capabilities, making it an essential tool for IoT implementations, operational efficiency, and remote device management.

One of the main features of the Lantronix 900-598 is its ability to provide secure and reliable connectivity. The device supports various communication protocols, including serial and Ethernet, enabling seamless integration with a wide array of devices across diverse environments. This flexibility allows users to connect legacy equipment to modern networks, thereby extending the life of existing technologies while enhancing operational capabilities.

The Lantronix 900-598 is equipped with robust security measures to protect sensitive data during transmission. It supports encryption protocols, such as SSL and SSH, ensuring that data remains confidential and secure from unauthorized access. This security is crucial for industries dealing with sensitive information, such as healthcare, finance, and manufacturing, where data breaches can have severe repercussions.

Another notable characteristic of the 900-598 is its ease of use. The device features a user-friendly interface that simplifies setup and configuration. Additionally, it supports remote access and management, allowing users to monitor and control devices from virtually anywhere. This remote management capability is particularly advantageous for organizations with distributed operations, enabling them to maintain oversight without needing to be physically present at each location.

In terms of performance, the Lantronix 900-598 offers high-speed data transfer rates, which are essential for real-time applications. It is designed to handle large volumes of data efficiently, making it suitable for applications that require quick responses and minimal latency. The device ensures reliable operation through features like error correction and data integrity monitoring.

Lastly, the Lantronix 900-598 is built to withstand challenging environmental conditions, thanks to its rugged design. This durability makes it suitable for deployment in harsh industrial settings, where exposure to dust, moisture, and extreme temperatures is common.

In conclusion, the Lantronix 900-598 stands out as an advanced solution for data communication and device management. Its combination of secure connectivity, ease of use, high performance, and durability makes it an excellent choice for businesses looking to modernize their operations and embrace the future of IoT and remote management. With its extensive features and robust technologies, the 900-598 is poised to enhance productivity and streamline processes across various industries.