84 - DeviceMaster Security DeviceMaster Installation and Configuration Guide: 2000594 Rev. F
Key and Certificate Management
DH Key pair used by SSL servers
This is a private/public key pair that is used by some cipher suites to encrypt
the SSL/TLS handshaking messages.
Note: Possession of the private portion of the key pair allows an eavesdropper to
decrypt traffic on SSL/TLS connections that use DH encryption during
handshaking.
Client Authentication Certificate used by SSL servers
If configured with a CA certificate, the DeviceMaster requires all SSL/TLS
clients to present an RSA identity certificate that has been signed by the
configured CA certificate. As shipped, the DeviceMaster is not configured with a
CA certificate and all SSL/TLS clients are allowed.
See Client Authentication on Page 75 for more detailed information.
• All DeviceMaster units are shipped from the factory with identical configurations. They all have
identical, self-signed Comtrol Server RSA Certificates, Server RSA Keys, and Server DH Keys, and no Client
Authentication Certificates.
• For maximum data and access security, you should configure all DeviceMaster units with custom
certificates and keys.
Key and Certificate Management Option Descriptions (Continued)
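An added example, not from the Comtrol guide: because every unit ships with the same self-signed server certificate, an inventory audit can flag units that still present a certificate shared with another unit. The function names, unit names, port 443, and the sample byte strings are assumptions constructed for illustration; the guide does not give the factory fingerprint, so the operator must record it from an unconfigured unit.

```python
import hashlib
import ssl
from collections import defaultdict


def fingerprint(der: bytes) -> str:
    """SHA-256 of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the certificate a unit presents. No chain validation is done,
    because the factory certificate is self-signed. Needs Python 3.10+.
    Port 443 is an assumption; use the port your units serve TLS on."""
    pem = ssl.get_server_certificate((host, port), timeout=timeout)
    return ssl.PEM_cert_to_DER_cert(pem)


def audit(certs, factory_fingerprints=frozenset()):
    """certs maps unit name -> DER bytes. Returns {unit: reason} for every
    unit whose certificate is shared with another unit or matches a
    fingerprint the operator recorded from an unconfigured unit."""
    by_fp = defaultdict(list)
    for unit, der in certs.items():
        by_fp[fingerprint(der)].append(unit)
    findings = {}
    for fp, units in by_fp.items():
        for unit in sorted(units):
            if fp in factory_fingerprints:
                findings[unit] = "factory-default certificate"
            elif len(units) > 1:
                others = [u for u in sorted(units) if u != unit]
                findings[unit] = "certificate shared with " + ", ".join(others)
    return findings


# Constructed sample input: placeholder byte strings stand in for DER
# certificates so the example runs offline. In use, build the dict with
# {unit: fetch_der(unit) for unit in inventory}.
SAMPLE = {
    "dm-01": b"constructed-factory-cert",
    "dm-02": b"constructed-factory-cert",
    "dm-03": b"constructed-custom-cert-for-dm-03",
}

if __name__ == "__main__":
    for unit, reason in sorted(audit(SAMPLE).items()):
        print(f"{unit}: {reason}")
```

A unit that appears in the findings still shares its server key with other units, so the note above about possession of the private key applies to it.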