9424200996 50-5
BE1-11m Security
Figure 50-5. Security Log
Authenticity and Encryption
The BE1-11m supports authentication and encryption of communications with BESTCOMSPlus. This is
done using the Transport Layer Security protocol, version 1.2 (TLS 1.2). To enable this mode, an X.509
certificate and private key must be uploaded to the BE1-11m.
In TLS 1.2, a certificate is used to verify the authenticity of the server (BE1-11m). The supported
certificate formats are Standard PEM, DER/Binary, and PFX (PKCS#12). The BE1-11m supports RSA
encryption up to 8192 bit keys. The recommended key length is 2048 as longer keys will slow the initial
connection. DER and PEM formats commonly have the private key stored in a separate file. If this is the
case, you will be asked for an additional file containing the key. If a password is required for the key, you
will also need to enter it into the form. It is recommended that certificates be uploaded over a trusted
connection or through the USB port.
Generate a Certificate
BESTCOMSPlus is used to generate a self-signed X.509 certificate for use in identifying a connected
device. In order for the certificate to work, the common name must match the domain name or the IP
address of the device. Alternate names can be used if multiple domain names match the device. The
valid dates specify how long the certificate may be used. A new certificate should be issued after one
expires.
To generate a certificate, click on the Tools drop-down menu in BESTCOMSPlus and select Generate
Certificate. Fill in all applicable fields. A password is optional. Click Save to generate a .pfx file which is
the certificate and the private key required to upload to the BE1-11m.
Self-signed certificates can be less secure than using a Certificate Authority to sign the certificate for the
device. It will allow encryption from end to end. Use caution when choosing this method. Distribution of
the generated file compromises security.
To Next Page
Loading...
Need help?
General
