124 Chapter 4 BCM50 Security Policies and Accounts and Privileges
NN40020-600
Security certificate
The BCM50 is delivered with a generic SSL security certificate. The self-signed certificate that is
included in BCM enables SSL encryption functionality, providing the necessary encryption keys.
There is also a facility to generate SSH certificates, which are required in the setup of an SSH server
if SCP is used as a transfer method.
Security certificates rely on an NTP server for time and date information. The NTP server
synchronizes the clocks of computers over an IP network; therefore, manual time settings are
unnecessary for security certificates.
Understanding BCM50 SSL certificate properties
When you first log on to the Element Manager, a security alert appears, which indicates site
validation of the default certificate.
This security alert does not appear if you:
• add a site-specific certificate
• suppress the message on your client browser
If you want a site-specific certificate, obtain a site certificate for your system from a CA
(Certificate Authority) vendor. Certificate files must use the .PEM format. When you are provided
with a certificate and a private security key, these must be installed on the BCM50.
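A pre-installation check for the PEM requirement above, as an added example that is not part of the BCM50 documentation: it confirms that a file holds PEM blocks whose base64 body decodes to a well-formed DER structure, and it flags binary DER files and passphrase-protected keys. The function names and the sample data are assumptions made for this example, and it does not verify that the private key matches the certificate.

```python
import base64
import re

# RFC 7468 textual encoding: matching BEGIN/END labels around a base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Constructed sample, not a real certificate: a 5-byte DER SEQUENCE in PEM armor.
SAMPLE = (b"-----BEGIN CERTIFICATE-----\n"
          + base64.encodebytes(bytes.fromhex("3003020105"))
          + b"-----END CERTIFICATE-----\n")


def der_sequence_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose length field matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def inspect_pem(data: bytes) -> list:
    """Return (label, der_length, note) per PEM block; raise ValueError if unusable."""
    if data[:1] == b"\x30":
        raise ValueError("binary DER input: convert to PEM before installing")
    blocks = PEM_BLOCK.findall(data.decode("ascii", errors="replace"))
    if not blocks:
        raise ValueError("no PEM BEGIN/END block found")
    report = []
    for label, body in blocks:
        # Legacy encrypted keys carry "Proc-Type"/"DEK-Info" header lines.
        legacy = "Proc-Type" in body
        encrypted = legacy or label == "ENCRYPTED PRIVATE KEY"
        b64 = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:
            raise ValueError(f"{label}: body is not valid base64") from None
        # Legacy-encrypted bodies are ciphertext, so only plain DER is checked.
        if not legacy and not der_sequence_ok(der):
            raise ValueError(f"{label}: truncated or corrupt DER")
        report.append((label, len(der), "passphrase-protected" if encrypted else "ok"))
    return report
```

Run `inspect_pem()` on the bytes of both the certificate file and the key file received from the CA before installing them.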
Site authentication
Site authentication is not provided with the generic SSL certificate. This means that the generic
SSL certificate is not signed by a recognized signing authority.
However, the SSL certificate used by the HTTP server may be upgraded to a customer’s private SSL
certificate, which offers site certification along with the encryption. Site authentication requires
system-specific information such as an IP address, company name, and so on. A site-specific
certificate ensures that when users point their web browser at the SSL web interface, they are no
longer asked to accept the certificate.
If the default BCM50 generic SSL certificate is used, the user is prompted to accept a certificate
that is not signed by a recognized signing authority.
Security note: Ensure that you maintain a copy of your certificate and private security
keys in a secure place, preferably offsite. This provides you with a backup if your system
ever requires data re-entry.