Lindy 39632, 39636 Create, Upload, Certificate, Common name, Download CSR, Organization, Locality/City, State/Province, Country (ISO code), Challenge Password

The CAT-32 IP uses the Secure Socket Layer (SSL) protocol for any encrypted network traffic between itself and a connected client. During the connection establishment the CAT-32 IP has to expose its identity to a client using a cryptographic certificate.

This certificate and the underlying secret key is the same for all CAT-32 IP units and certainly will not match the network configuration that will be applied to the CAT-32 IP by its user. The certificate's underlying secret key is also used for securing the SSL handshake. Hence, this is a security risk (but far better than no encryption at all).

However, it is possible to generate and install a new certificate that is unique for a particular CAT-32 IP. In order to do this, the CAT-32 IP is able to generate a new cryptographic key and the associated Certificate Signing Request (CSR) that needs to be certified by a certification authority (CA). A certification authority verifies that you are the person you claim you are, and signs and issues a SSL certificate to you.

The following steps are necessary to create and install an SSL certificate for the CAT-32 IP:

1.Create an SSL Certificate Signing Request using the panel shown in the screen shot above. You need to fill out a number of fields that are explained on the next page. Once this is done, click on the Create button to initiate the Certificate Signing Request generation. The CSR can be downloaded to your administration machine with the Download CSR button (see the illustration on the next page).

2.Send the saved CSR to a CA for certification. You will get the new certificate from the CA after a more or less complicated traditional authentication process (depending on the CA).

3.Upload the certificate to the CAT-32 IP switch using the Upload button.

After completing these three steps, the CAT-32 IP has its own certificate that is used to identify it to its clients.

Note: If you destroy the CSR on the KVM over IP module there is no way to get it back! In case you deleted it by mistake, you have to repeat the three steps as described previously.

This is the network name of the CAT-32 IP once it is installed in the user's network It is identical to the name that is used to access the CAT-32 IP with a web browser (without the “ http:// ” prefix). In case the name given here and the actual network name differ, the browser will pop up a security warning when the CAT-32 IP is accessed using HTTPS.

This field is used for specifying to which department within an organization the CAT-32 IP belongs.

The name of the organization to which the CAT-32 IP belongs.

The city where the organization is located.

The state or province where the organization is located.

The country where the organization is located. This is the two-letter ISO code, e.g. DE for Germany, or US for the USA.

Some certification authorities require a challenge password to authorize later changes on the certificate (e.g. revocation of the certificate). The minimal length of this password is 4 characters.