Intellinet Network Solutions 524100 user manual Certificates and Keys, Viewer Connections

Page 32

Certificates and Keys

Certificates are only needed if you intend to implement full PKI authentication for the viewer connections. If an SSL-encrypted session is already enough for your security requirements, you can ignore this aspect of PKI authentication.

Where can you get the certificates? There is a default set of certificates on your support CD. You can use them to practice the certificate uploads. In a real-world scenario, you can generate the certificates yourself (there is some freeware or shareware, such as XCA, for this purpose), or you can buy certificates from companies that provide authentication services.

The file names and formats of the certificates and keys to be uploaded to the switch must be exactly as shown here: root.crt, server.crt, serverkey.pem, ldapcert.crt and ldapkey.pem.

Viewer Connections

The browser connections to the Web Management interface always use SSL. The viewer connections can use different levels of security.

Security Level (SSL): The switch offers three levels of security for viewer connections. From the drop-down menu, select the level that matches your viewer connection security requirements: “Level 1,” “Level 2” or “Level 3.”

Level 1 uses no SSL data encryption and no authentication. It’s the most straightforward setting and offers the most convenience if there are no security concerns. Anyone who has a viewer and an Internet connection can easily connect to the switch as long as the user satisfies the password policy requirements.

Level 2 uses SSL encryption for the viewer connection, but only requires server authentication by the viewer client. Remote users are not required to install any certificates on their client computers. However, the viewer connection is encrypted with 256-bit SSL technology to ensure that all data transmitted via the viewer connection is protected, including keyboard, mouse and video signals.

Level 3 uses 256-bit encryption and a bi-directional PKI authentication between the server and viewer client. With this level of security, all remote users who want to make viewer connections must install a proper client certificate on their computer. This client certificate must come from the same CA that issued the root.crt certificate of the switch.

In all, there are nine possible combinations of viewer security levels and password policies available for the flexibility to adapt to your specific security needs.

KVM Server Password: This field will only appear if you choose to implement Level 3 security. See Page 16. Enter the password that encrypts the server private key in the server private key file (serverkey.pem); it is required to make a successful viewer connection with the switch in the Level 3 security setting. If you use the standard set of certificates provided on the included support CD, the password that encrypts the server private key is “serverpwd.” However, if you use your own set of certificates (as you should for a genuinely secure installation), you need to get the correct server password from the Certificate Authority that issued those certificates.

First, you should obtain a set of certificates from your administrator. If your certificate files have different names, change them to the valid names before uploading. To upload the certificates, click “Browse” to go to the location where your certificates reside. Select a certificate file, then click “Upload” to upload your certificates, one at a time, to the switch. After each upload is completed, you should see the prompt page for a reboot. However, you don’t have to reboot after every upload: just reboot once after you’ve uploaded all necessary certificates: root.crt, server.crt and serverkey.pem. If you need to SSL-encrypt the LDAP connection for user remote authentication, you must upload two extra certificates: ldapcert.crt and ldapkey.pem.
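A pre-upload check for the Level 3 certificate set described in the sections above, as an added example that is not from the manual or the vendor. It builds a practice set from a private CA with the OpenSSL command line (used here in place of XCA), then confirms the required file names, that serverkey.pem is encrypted and opens with the intended KVM Server Password, and that server.crt and a viewer certificate both chain to root.crt. The subject names, the client and CA key file names, and the SERVERKEY_PASS environment variable are assumptions of the example.

```shell
#!/bin/sh
# Added example. Subject names and lifetimes are constructed. The passphrase is
# read from the environment variable SERVERKEY_PASS (an assumption of this
# sketch) so that it does not appear on the command line.

# make_level3_set DIR: private CA, encrypted server key, server and viewer certs.
make_level3_set() {
    d=$1; mkdir -p "$d" || return 1
    # The CA key stays with the administrator; only root.crt is distributed.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example KVM CA" \
        -keyout "$d/rootkey.pem" -out "$d/root.crt" 2>/dev/null || return 1
    # serverkey.pem is encrypted; its passphrase is the "KVM Server Password".
    openssl genrsa -aes256 -passout env:SERVERKEY_PASS \
        -out "$d/serverkey.pem" 2048 2>/dev/null || return 1
    openssl req -new -key "$d/serverkey.pem" -passin env:SERVERKEY_PASS \
        -subj "/CN=kvm-switch.example" -out "$d/server.csr" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=viewer-user" \
        -keyout "$d/clientkey.pem" -out "$d/client.csr" 2>/dev/null || return 1
    for n in server client; do   # both certificates are issued by the same CA
        openssl x509 -req -in "$d/$n.csr" -CA "$d/root.crt" -CAkey "$d/rootkey.pem" \
            -CAcreateserial -days 365 -out "$d/$n.crt" 2>/dev/null || return 1
    done
}

# check_level3_set DIR [CLIENT_CERT]: prints "ok" or the first problem found.
check_level3_set() {
    d=$1; client=${2:-}
    for f in root.crt server.crt serverkey.pem; do   # exact names the switch expects
        [ -f "$d/$f" ] || { echo "missing $f"; return 1; }
    done
    grep -q ENCRYPTED "$d/serverkey.pem" ||
        { echo "serverkey.pem is not encrypted"; return 1; }
    openssl verify -CAfile "$d/root.crt" "$d/server.crt" >/dev/null 2>&1 ||
        { echo "server.crt was not issued by root.crt"; return 1; }
    # The passphrase must decrypt the key, and the key must belong to server.crt.
    kpub=$(openssl pkey -in "$d/serverkey.pem" -passin env:SERVERKEY_PASS \
        -pubout 2>/dev/null) ||
        { echo "passphrase does not decrypt serverkey.pem"; return 1; }
    cpub=$(openssl x509 -in "$d/server.crt" -noout -pubkey 2>/dev/null)
    [ "$kpub" = "$cpub" ] || { echo "serverkey.pem does not match server.crt"; return 1; }
    if [ -n "$client" ]; then   # Level 3: viewer certificate must chain to the same CA
        openssl verify -CAfile "$d/root.crt" "$client" >/dev/null 2>&1 ||
            { echo "client certificate was not issued by root.crt"; return 1; }
    fi
    echo ok
}
```

Export SERVERKEY_PASS, then run `make_level3_set ./certs` followed by `check_level3_set ./certs ./certs/client.crt`; the same check applies to a set received from an administrator or a commercial CA before it is uploaded.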

User-Password Policy: The switch offers three types of password policies for selection from the drop-down menu: “No Password,” “Global Password” and “User Password.”

No Password means the viewer will not prompt you for any user password: The door is open unless you are using Level 3 security.

MANAGEMENT OVER A BROWSER

 
