Avocent PS/2 KVM manual Security settings, SSL Certificate Management

Models: PS/2 KVM


Single port PS2 KVM over IP

Figure 5.8: Security settings

Parameter: Description

Force HTTPS: If this option is enabled access to the web front-end is only possible using an HTTPS connection. PS/2 KVM over IP switch won’t listen on the HTTP port for incoming connections. In case you want to create your own SSL certificate that is used to identify this PS/2 KVM over IP switch refer to Section 5.4.1.1.

KVM encryption: This option controls the encryption of the RFB protocol, the protocol used by the Remote Console to transmit the screen data to the administrator machine and keyboard and mouse data back to the host.
If set to ‘Off’ no encryption will be used.
If set to ‘Try’ the applet tries to make an encrypted connection. In case connection establishment fails for any reason an unencrypted connection will be used.
If set to ‘Force’ the applet tries to make an encrypted connection. An error will be reported in case connection establishment fails.

Table 5.3: Security parameters

5.4.1.1 SSL Certificate Management

The PS/2 KVM over IP switch uses the SSL protocol for any encrypted network traffic between itself and a connected client. During connection establishment, the switch has to expose its identity to the client using a cryptographic certificate. Upon delivery, this certificate is the same for all PS/2 KVM over IP switches ever produced and certainly won’t match the network configuration that the user applies to the device. The certificate’s underlying secret (private) key is also used for securing the SSL handshake. Hence, this is a security risk (but far better than no encryption at all).

However, it is possible to generate and install a new certificate that is unique to a particular device. To do that, the PS/2 KVM over IP switch can generate a new cryptographic key and the associated so-called Certificate Signing Request (CSR), which needs to be certified by a so-called certification authority (CA). A certification authority verifies that you are who you claim you are and signs and issues an SSL certificate to you.
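To find devices that still present the shared factory certificate described above, an administrator can compare certificate fingerprints across the fleet: any fingerprint served by more than one device has not been replaced with a per-device certificate. The following Python audit is an added example, not part of the manual; the host names and the sample "certificates" are constructed placeholders, and `fetch_pem` assumes the web front-end listens on port 443.

```python
import hashlib
import ssl
from collections import defaultdict


def fetch_pem(host, port=443):
    """Fetch the certificate a device presents, without validating it.
    (The timeout argument needs Python 3.10 or later.)"""
    return ssl.get_server_certificate((host, port), timeout=5)


def fingerprint(pem):
    """Return the SHA-256 fingerprint (hex) of the DER-encoded certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def shared_certificates(certs_by_host):
    """Return {fingerprint: [hosts]} for every certificate served by 2+ hosts."""
    groups = defaultdict(list)
    for host, pem in certs_by_host.items():
        groups[fingerprint(pem)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


# Constructed sample inventory so the audit runs offline. The PEM bodies are
# placeholder bytes, not real certificates; in practice build the dict with
# {host: fetch_pem(host) for host in inventory}.
FACTORY = ssl.DER_cert_to_PEM_cert(b"constructed placeholder: factory certificate")
UNIQUE = ssl.DER_cert_to_PEM_cert(b"constructed placeholder: per-device certificate")
SAMPLE = {
    "kvm-rack1.example": FACTORY,   # still on the delivered certificate
    "kvm-rack2.example": FACTORY,   # still on the delivered certificate
    "kvm-rack3.example": UNIQUE,    # certificate already replaced
}

if __name__ == "__main__":
    for fp, hosts in shared_certificates(SAMPLE).items():
        print(f"{fp[:16]}... is served by {len(hosts)} devices: {', '.join(hosts)}")
```

Devices reported here are the ones that still need the CSR procedure below.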

The following steps are necessary to create and install a PS/2 KVM over IP switch SSL certificate:

1. Create an SSL Certificate Signing Request using the panel shown in Figure 5.9 (Security Settings -> SSL Settings -> Create your own SSL certificate). You need to fill out a number of fields that are explained above. Once this is done, click ‘Create CSR’ which will initiate the
