NTI ENTERPRISE ENVIRONMENT MONITORING SYSTEM
71
X509 Certificate
The ENVIROMUX is pre-loaded with a generic X509 Server Certificate. If you wish to provide your own X509 Server certificate,
the Server certificate must be uploaded to the ENVIROMUX. The Server certificate and key must be combined in a single file
(“PEM” format).
Browse to the Server certificate file and select it. Then load using the button “Upload Server Certificate and key”.
Note: The key used should not be password protected.
X509 Client Authentication
In addition to Local and LDAP client authentication, X509 client authentication is also available. In order to use X509 client
certificate authentication, select "Certificate + Login" for the mode setting (Figure 77). X509 client certificate authentic
ation
requires the user to present client certification (this happens behind the scenes when you enter the https IP address, before you
are presented with a “Login” screen). For this to work:
1. A client certificate signed by a Certifying Authority (CA) must be loaded into the user’s browser.
2. Use “Choose File” and browse to the CA certificate (file with “.crt” extension) and select it.
3. Click on the “Upload CA certificate” button and load the CA certificate to the ENVIROMUX.
Note: The user will need to login after the X509 client certificate is validated.
The “Restore default certificate” button will restore the unit’s default self-signed certificates if needed.
Whether you are just loading your own Server Certificate, or also using client authentication
, reboot the ENVIROMUX for
this certificate to take effect.
Figure 78- Security Configuration-X509 Certificate
Note: HTTP access can be enabled/disabled from web page under Administration -> Network -> Server Settings -> Enable
HTTP (page 62). Do not disable http access until you verify certificate verification works properly for https connection.
HTTP connection will allow you to change any settings if a wrong certificate is uploaded. Once HTTPS client certificate
validation is verified to be working properly, disable HTTP access for security.
To Next Page
Loading...
Need help?
General
