6–14 MULTINET4 MULTI-PORT SERIAL SERVER & MANAGED SWITCH – INSTRUCTION MANUAL
OPERATIONAL GUIDE CHAPTER 6: OPERATIONAL GUIDE
When an SSL connection is first established, a handshake protocol is executed. The
handshake accomplishes the following:
• negotiates connection parameters
• optionally authenticates the peer
• determines a shared master secret
If the handshake succeeds, data transferred over the connection is now encrypted using
the negotiated encryption algorithm and the shared master secret.
For more detailed information on SSL see the following texts:
Rescorla, Eric. SSL and TLS: Designing and Building Secure Systems, Addison Wesley, ISBN
0201615983.
Viega, John. Messier, Matt. Pravir, Chandra. Network Security with OpenSSL, O'Reilly Media
Inc., ISBN 0-596-00270-X.
6.5.2.2 Multinet4 SSL Version Support
Each terminal server connection on a Multinet4 product may be authenticated and
encrypted using SSL. The product supports the following versions of SSL:
•SSLv3
•TLSv1
SSLv2 has many known vulnerabilities and is not supported.
6.5.2.3 Secure Web Server using HTTP over SSL (https://)
Secure Sockets Layer (SSL) and its successor, Transport Layer Security, defined in RFC 2246,
(TLS) are cryptographic protocols to protect traffic on the Internet.
SSL and non-SSL access to the web server is always available. The system is shipped with a
default web server key and certificate. We recommend that you generate and install a
new key file. You can do this by uploading the file to the keys page and then selecting the
new key on the web server configuration page. No reboot is necessary for the change to
take effect.
6.5.3 Keys and Certificates
Multinet4 supports RSA public key encryption and x.509 certificates. RSA is a widely-used
algorithm for public key encryption. X.509 is an International Telecommunication Union
Telecommunication Standardization Sector (ITU-T) standard for public key infrastructure
(PKI).
Multinet4 uses keys and certificates encoded using the Privacy enhanced Mail (PEM)
format. These files conventionally use the .pem extension.
A PEM file containing both a valid X.509 certificate chain and a valid RSA private key is
treated as a certificate file. Manage these files with the 4.8.1.1: Certificates: Local screen
and the 4.8.1.2: Certificates: Trusted.
For an extended discussion and examples of key file and certificate file generation see
section 6.5.3.9: Certificate and Key File Generation.
To Next Page
Loading...
