![](/images/new-backgrounds/1192352/19235251x1.webp)
Single port PS2 KVM over IP
| Figure 5.8: Security settings |
|
|
Parameter | Description |
Force HTTPS | If this option is enabled access to the web |
| an HTTPS connection. PS/2 KVM over IP switch won’t listen on the |
| HTTP port for incoming connections. In case you want to create your own |
| SSL certificate that is used to identify this PS/2 KVM over IP switch refer |
| to Section 5.4.1.1. |
KVM encryption | This option controls the encryption of the RFB protocol, the protocol used |
| by the Remote Console to transmit the screen data to the administrator |
| machine and keyboard and mouse data back to the host. |
| If set to ‘Off’ no encryption will be used. |
| If set to ‘Try’ the applet tries to make an encrypted connection. In case |
| connection establishment fails for any reason an unencrypted connection |
| will be used. |
| If set to ‘Force’ the applet tries to make an encrypted connection. An error |
| will be reported in case connection establishment fails. |
| Table 5.3: Security parameters |
5.4.1.1 SSL Certificate Management
PS/2 KVM over IP switch uses the SSL protocol for any encrypted network traffic between itself and a connected client. During connection establishment, PS/2 KVM over IP switch has to expose its identity to a client using a cryptographic certificate. Upon delivery, this certificate is the same for all PS/2 KVM over IP switches ever produced and certainly won’t match the network configurations that will be applied to the devices by its user. The certificate’s underlying secrete (private) key is also used for securing the SSL handshake. Hence, this is a security risk (but far better than no encryption at all).
However, it is possible to generate and install a new certificate that is unique for a particular device. In order to do that, PS/2 KVM over IP switch is able to generate a new cryptographic key and the associated so called Certificate Signing Request that needs to be certified by a so called certification authority (CA). A certification authority verifies that you are who you claim you are and signs and issues a SSL certificate to you.
The following steps are necessary to create and install a PS/2 KVM over IP switch SSL certificate:
1.Create a SSL Certificate Signing Request using the panel shown in Figure 5.9 (Security Settings