NetModule NB3700 - Page 155

NetModule NB3700
194 pages
NB3700 User Manual 3.8
| Parameter | Certificate Configuration |
| --- | --- |
| Common Name (CN) | The certificate owner’s common name, mainly used to identify a host |
| E-Mail | The certificate owner’s email address |
| Expiry period | The number of days a certificate will be valid from now on |
| Key size | The length of the private key in bits |
| Passphrase | The passphrase for accessing/opening a private key |
Please be aware that the local random number generator (RNG) provides pretty good randomness for most applications. If stronger cryptography is mandatory, we suggest creating the keys on an external RNG device or managing all certificates completely on a remote certification server. Nevertheless, a local certificate authority can issue and manage all required certificates and also run a certificate revocation list (CRL).
When importing keys, the certificate and key file can be uploaded individually, encoded in PEM/DER or PKCS7 format. All files (CA certificate, certificate and private key) can also be uploaded in one step by using the container format PKCS12. RSA/DSS keys can be converted from OpenSSH or Dropbear formats. It is possible to specify the passphrase for opening the private key. Please note that the system will generally apply the system-wide certificate passphrase to a key when installing the certificate. Thus, changing the general passphrase will result in all local keys being protected with the new one.
SCEP Configuration
If certificates are enrolled using the Simple Certificate Enrollment Protocol (SCEP), the following settings can be configured:
| Parameter | SCEP Configuration |
| --- | --- |
| SCEP status | Specifies whether SCEP is enabled or not |
| URL | The SCEP URL, usually in the form http://<host>/<path>/pkiclient.exe |
| CA fingerprint | The fingerprint of the certificate used to identify the remote authority. If left empty, any CA will be trusted. |
| Fingerprint algorithm | The fingerprint algorithm for identifying the CA (MD5 or SHA1) |
| Poll interval | The polling interval in seconds for a certificate request |
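Because an empty CA fingerprint makes the router trust any CA, the value for that field should be computed from a CA certificate obtained out of band. The following is an added example, not part of the manual or the NetModule software: it assumes the fingerprint is the MD5 or SHA1 digest of the DER-encoded CA certificate (the form `openssl x509 -fingerprint` prints), the function names are hypothetical, and the sample PEM blocks are constructed placeholder bytes rather than real certificates.

```python
# Added example: compute and check the fingerprint of a SCEP CA certificate.
import hashlib
import hmac
import ssl

# The manual lists MD5 and SHA1 as the selectable fingerprint algorithms.
ALGORITHMS = {"md5": hashlib.md5, "sha1": hashlib.sha1}

# Constructed sample input: placeholder bytes wrapped as PEM, not real certificates.
SAMPLE_CA_PEM = ssl.DER_cert_to_PEM_cert(b"constructed sample CA certificate bytes")
OTHER_CA_PEM = ssl.DER_cert_to_PEM_cert(b"constructed sample of a different CA")


def ca_fingerprint(pem_cert: str, algorithm: str) -> str:
    """Return the digest of the DER-encoded certificate as colon-separated hex."""
    try:
        hasher = ALGORITHMS[algorithm.lower()]
    except KeyError:
        raise ValueError(f"unsupported fingerprint algorithm: {algorithm!r}")
    der = ssl.PEM_cert_to_DER_cert(pem_cert)  # assumption: hash covers the DER form
    digest = hasher(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Strip separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    return "".join(c for c in fingerprint if c not in ": -\t").lower()


def ca_matches_pin(pem_cert: str, pinned: str, algorithm: str) -> bool:
    """Check a CA certificate against a fingerprint obtained out of band.

    An empty pin is rejected instead of being treated as "trust any CA".
    """
    expected = normalize(pinned)
    if not expected:
        raise ValueError("no CA fingerprint configured; refusing to trust any CA")
    actual = normalize(ca_fingerprint(pem_cert, algorithm))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    pin = ca_fingerprint(SAMPLE_CA_PEM, "sha1")  # value for the "CA fingerprint" field
    print("SHA1 fingerprint:", pin)
    print("same CA:", ca_matches_pin(SAMPLE_CA_PEM, pin, "sha1"))
    print("other CA:", ca_matches_pin(OTHER_CA_PEM, pin, "sha1"))
```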