14: Security in Detail

the exception of the root CA. This way, trust is transferred along the chain, from the root CA through any number of intermediate authorities, ultimately to the agent that needs to prove its authenticity.

Obtaining Certificates

Signed certificates are typically obtained from well-known CAs, such as VeriSign. This is done by submitting a certificate request for a CA, typically for a fee. The CA will sign the certificate request, producing a certificate/key combo: the certificate contains the identity of the owner and the public key, and the private key is available separately for use by the owner.

As an alternative to acquiring a signed certificate from a CA, you can act as your own CA and create self-signed certificates. This is often done for testing scenarios, and sometimes for closed environments where the expense of a CA-signed root certificate is not necessary.

Self-Signed Certificates

A few utilities exist to generate self-signed certificates or sign certificate requests. The PremierWave XC also has the ability to generate its own self-signed certificate/key combo. You can use XML to export the certificate in PEM format, but you cannot export the key. Hence the internal certificate generator can only be used for certificates to identify that particular PremierWave XC.

Certificate Formats

Certificates and private keys can be stored in several file formats. Best known are PKCS12, DER and PEM. Certificate and key can be in the same file or in separate files. Additionally, the key can be either be encrypted with a password or left in the clear. However, the PremierWave XC currently only accepts separate PEM files, with the key unencrypted.

Several utilities exist to convert between the formats.

OpenSSL

OpenSSL is a widely used open source set of SSL related command line utilities. It can act as server or client. It can also generate or sign certificate requests, and can convert from and to several different of formats.

OpenSSL is available in binary form for Linux and Windows. To generate a self-signed RSA certificate/key combo:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mp_key.pem -out mp_cert.pem

See www.openssl.org or www.madboa.com/geek/openssl for more information.

Note: Signing other certificate requests is also possible with OpenSSL but the details of this process are outside the scope of this document.

PremierWave XC User Guide

96

Page 95 Page 97
Page 96
Image 96
Lantronix 900-598 manual Obtaining Certificates, Self-Signed Certificates, Certificate Formats, OpenSSL
Page 95 Page 97

900-598 specifications

The Lantronix 900-598 is a powerful and versatile device designed to facilitate robust data communication and management for industrial and commercial applications. At the heart of the 900-598 lies its advanced networking capabilities, making it an essential tool for IoT implementations, operational efficiency, and remote device management.

One of the main features of the Lantronix 900-598 is its ability to provide secure and reliable connectivity. The device supports various communication protocols, including serial and Ethernet, enabling seamless integration with a wide array of devices across diverse environments. This flexibility allows users to connect legacy equipment to modern networks, thereby extending the life of existing technologies while enhancing operational capabilities.

The Lantronix 900-598 is equipped with robust security measures to protect sensitive data during transmission. It supports encryption protocols, such as SSL and SSH, ensuring that data remains confidential and secure from unauthorized access. This security is crucial for industries dealing with sensitive information, such as healthcare, finance, and manufacturing, where data breaches can have severe repercussions.

Another notable characteristic of the 900-598 is its ease of use. The device features a user-friendly interface that simplifies setup and configuration. Additionally, it supports remote access and management, allowing users to monitor and control devices from virtually anywhere. This remote management capability is particularly advantageous for organizations with distributed operations, enabling them to maintain oversight without needing to be physically present at each location.

In terms of performance, the Lantronix 900-598 offers high-speed data transfer rates, which are essential for real-time applications. It is designed to handle large volumes of data efficiently, making it suitable for applications that require quick responses and minimal latency. The device ensures reliable operation through features like error correction and data integrity monitoring.

Lastly, the Lantronix 900-598 is built to withstand challenging environmental conditions, thanks to its rugged design. This durability makes it suitable for deployment in harsh industrial settings, where exposure to dust, moisture, and extreme temperatures is common.

In conclusion, the Lantronix 900-598 stands out as an advanced solution for data communication and device management. Its combination of secure connectivity, ease of use, high performance, and durability makes it an excellent choice for businesses looking to modernize their operations and embrace the future of IoT and remote management. With its extensive features and robust technologies, the 900-598 is poised to enhance productivity and streamline processes across various industries.
Top Page Image Contents