Lantronix XN manual Obtaining Certificates, Self-Signed Certificates, Certificate Formats, OpenSSL


14: Security in Detail

the exception of the root CA. This way, trust is transferred along the chain, from the root CA through any number of intermediate authorities, ultimately to the agent that needs to prove its authenticity.

Obtaining Certificates

Signed certificates are typically obtained from well-known CAs, such as VeriSign. This is done by submitting a certificate request to a CA, typically for a fee. The CA will sign the certificate request, producing a certificate/key combo: the certificate contains the identity of the owner and the public key, and the private key is available separately for use by the owner.

As an alternative to acquiring a signed certificate from a CA, you can act as your own CA and create self-signed certificates. This is often done for testing scenarios, and sometimes for closed environments where the expense of a CA-signed root certificate is not necessary.

Self-Signed Certificates

A few utilities exist to generate self-signed certificates or sign certificate requests. The PremierWave XN also has the ability to generate its own self-signed certificate/key combo. You can use XML to export the certificate in PEM format, but you cannot export the key. Hence the internal certificate generator can only be used for certificates that are to identify that particular PremierWave XN.

Certificate Formats

Certificates and private keys can be stored in several file formats. Best known are PKCS12, DER and PEM. Certificate and key can be in the same file or in separate files. Additionally, the key can either be encrypted with a password or left in the clear. However, the PremierWave XN currently only accepts separate PEM files, with the key unencrypted.

Several utilities exist to convert between the formats.

OpenSSL

OpenSSL is a widely used open source set of SSL-related command line utilities. It can act as server or client. It can also generate or sign certificate requests, and can convert from and to several different formats.

OpenSSL is available in binary form for Linux and Windows. To generate a self-signed RSA certificate/key combo:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mp_key.pem -out mp_cert.pem

See www.openssl.org or www.madboa.com/geek/openssl for more information.

Note: Signing other certificate requests is also possible with OpenSSL but the details of this process are outside the scope of this document.
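A pre-upload check and the matching conversions, as an added example that is not part of the Lantronix guide: pem_kind reports whether a file meets the separate, unencrypted PEM requirement described under Certificate Formats, and the three helpers use standard openssl subcommands to produce such files. All function and file names are hypothetical, and the sample files are constructed placeholders rather than real key material.

```shell
#!/bin/sh
# Added example, not from the Lantronix guide. All file names are hypothetical.

# Classify a file against the upload rule: certificate and key in separate
# PEM files, key not password-protected.
pem_kind() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    keys=$(grep -c -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" || true)
    enc=$(grep -c -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
                  -e '^Proc-Type: 4,ENCRYPTED' "$1" || true)
    if [ "$certs" -gt 0 ] && [ "$keys" -gt 0 ]; then echo combined
    elif [ "$enc" -gt 0 ]; then echo encrypted-key
    elif [ "$keys" -gt 0 ]; then echo key-ok
    elif [ "$certs" -gt 0 ]; then echo cert-ok
    else echo not-pem   # binary DER and PKCS12 files land here
    fi
}

# Conversions with the openssl CLI; each prompts for a passphrase if one is set.
# umask 077 keeps the resulting cleartext key readable by its owner only.
split_p12() {    # usage: split_p12 bundle.p12 cert.pem key.pem
    openssl pkcs12 -in "$1" -clcerts -nokeys | openssl x509 -out "$2" &&
    ( umask 077; openssl pkcs12 -in "$1" -nocerts -nodes | openssl pkey -out "$3" )
}
decrypt_key() { ( umask 077; openssl pkey -in "$1" -out "$2" ); }   # enc.pem key.pem
der_to_pem()  { openssl x509 -inform DER -in "$1" -out "$2"; }      # cert.der cert.pem

# Constructed sample files (placeholder bodies, not real certificates or keys).
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' \
        '-----END CERTIFICATE-----' > "$1/cert.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' \
        '-----END PRIVATE KEY-----' > "$1/key.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'AAAA' '-----END RSA PRIVATE KEY-----' > "$1/enc.pem"
    cat "$1/cert.pem" "$1/key.pem" > "$1/both.pem"
}

d=$(mktemp -d) && make_samples "$d"
for f in cert key enc both; do
    echo "$f.pem: $(pem_kind "$d/$f.pem")"
done
rm -rf "$d"
```

Only files reported as cert-ok and key-ok match what the guide says the device accepts; the other results indicate which conversion to run first.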

PremierWave XN User Guide
