Product Manual — Doc. 8559B 4-Series™ Control Systems • 175
Turn on TLS with the CA-Signed Certificate
To turn on TLS with the CA-signed certificate:
1. Issue the ssl ca command in the control system console.
NOTE: Neither a password nor a private key is required when the certificate
originated from a createcsr command within the same device.
2. Issue the reboot command to restart the control system.
Externally-Generated Certificate Requests
The following procedures are used to load a CA-signed certificate to the control system when
the certificate request was not created with the createcsr command. In this case, the CA will
provide a private key along with the signed certificate.
The following certificate files are required for deployment on the control system. These files are
generally provided by the IT administrator:
• Private key in .pem format
• CA-signed certificate in .pem format
• Certificates for each CA in the signing chain, with one certificate per file
As a best practice, maintain certificates and keys in a secure location other than the control
system. If the control system ever needs to be restored to defaults or replaced with a new unit,
the installed certificate and key may be lost.
NOTE: If the CA sends all signing certificates in a single file, it will be necessary to use an
editor to extract and store each certificate individually. Each certificate in such a PEM
bundle is delimited by “BEGIN CERTIFICATE” and “END CERTIFICATE” headers. These
headers must be included in each CA certificate file, along with the PEM data between them.
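The extraction described in the note above can be scripted instead of done by hand in an editor. The following Python script is an added example, not part of the Crestron documentation; the function names, the chain_NN.pem output names, and the sample bundle are assumptions constructed for illustration. It checks only the PEM headers and base64 encoding, not the X.509 contents.

```python
import base64
import re
from pathlib import Path

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)

def split_pem_bundle(bundle_text):
    """Return each certificate in a PEM bundle as its own PEM string, in order."""
    text = bundle_text.replace("\r\n", "\n")
    # Every BEGIN header needs a matching END header, or a block was truncated.
    if text.count(BEGIN) != text.count(END):
        raise ValueError("unbalanced BEGIN/END CERTIFICATE headers")
    certs = []
    for match in BLOCK.finditer(text):
        body = "".join(match.group(1).split())
        # The PEM data between the headers must be non-empty, valid base64.
        if not base64.b64decode(body, validate=True):
            raise ValueError("empty certificate block")
        lines = [body[i:i + 64] for i in range(0, len(body), 64)]
        certs.append("\n".join([BEGIN, *lines, END]) + "\n")
    if not certs:
        raise ValueError("no certificates found in bundle")
    return certs

def write_certs(certs, out_dir, prefix="chain_"):
    """Write one certificate per file (chain_01.pem, ...) and return the paths."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = [out / f"{prefix}{n:02d}.pem" for n in range(1, len(certs) + 1)]
    for path, pem in zip(paths, certs):
        path.write_bytes(pem.encode("ascii"))
    return paths

def make_placeholder(label):
    # Constructed sample data, NOT a real certificate: base64 of a label string.
    return f"{BEGIN}\n{base64.encodebytes(label.encode()).decode()}{END}\n"

# Constructed bundle with extra text between blocks and mixed line endings.
SAMPLE_BUNDLE = ("subject=Constructed Intermediate CA\r\n"
                 + make_placeholder("constructed-intermediate")
                 + "subject=Constructed Root CA\n" + make_placeholder("constructed-root"))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for p in write_certs(split_pem_bundle(SAMPLE_BUNDLE), tmp):
            print(p.name, "->", len(p.read_text().splitlines()), "lines")
```

Each output file contains exactly one certificate with its headers and no surrounding text; which file holds the root and which hold intermediates still has to be confirmed from the certificates themselves.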
Load the Certificate Files
To upload the externally-signed certificate to the control system:
1. If there are multiple certificates in the signing chain, install each non-root certificate in the
intermediate store as described in Add a Certificate (on page 169).
2. Rename the remaining three certificate files as follows:
   • Rename the private key file to “srv_key.pem”.
   • Rename the signed certificate file to “srv_cert.cer”.
   • Rename the root certificate file to “rootCA_cert.cer”.
3. Use an SFTP client to copy the three certificate files to the \user directory on the control
system.
4. Connect to the control system via SSH or Crestron Toolbox.
5. Issue the delete \sys\rootCA_cert.cer, delete \sys\srv_cert.cer, and delete
\sys\srv_key.pem commands to delete any existing certificate files.