NTI ENTERPRISE ENVIRONMENT MONITORING SYSTEM
92
X509 Certificate Authority
A Certificate Authority (CA) needs to be used to sign the server certificate described above. This Certificate Authority can be
created as a self-signed certificate in "CRT" format. It can also be given to you by an external Certificate Authority in "CRT" or
"PEM" format.
For HTTPS to work properly, you must load the certificate of your CA onto the ENVIROMUX. Use the "Browse" button to browse to
the file containing the CA certificate (which may also contain an intermediate certificate) and select it. Then click on the "Upload
CA certificate" button. Please see "How to Create x509 Certificate" for more information.
The “Restore default certificate” button will restore the unit’s default self-signed certificates if needed.
Figure 102- Security Configuration-X509 Certificate
Note: HTTP access can be enabled/disabled from the web page under Administration -> Network -> Server Settings -> Enable
HTTP (page 76). Do not disable HTTP access until you have verified that certificate validation works properly for HTTPS connections.
The HTTP connection will still allow you to change any settings if a wrong certificate is uploaded. Once HTTPS client certificate
validation is verified to be working properly, disable HTTP access for security.
X509 Client Authentication
In addition to Local and LDAP client authentication, X509 client authentication is also available. In order to use X509 client
certificate authentication, select "Certificate + Login" for the mode setting (Figure 100). X509 client certificate authentication
requires the user to present a client certificate (this happens behind the scenes when you enter the HTTPS IP address, before you
are presented with a “Login” screen). For this to work, a client certificate signed by the same Certifying Authority (CA) used to sign
the server certificate and key must be loaded into the user’s browser (see "How to Create x509 Certificate" for more information).
Note: The user will need to log in after the X509 client certificate is validated.
Whether you are just loading your own Server Certificate, or also using client authentication, reboot the ENVIROMUX for
this certificate to take effect.
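Added example (not from the NTI manual): a shell check, run on the administrator's workstation with the OpenSSL command-line tool, that the server certificate and the client certificate both verify against the CA file that will be uploaded, as the two sections above require. The function names, file names and the throwaway test PKI are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm, before uploading, that the server and client
# certificates both chain to the CA file destined for the unit.

# chains_to CA_FILE PURPOSE CERT -> 0 if CERT verifies against CA_FILE only.
chains_to() {
    # -no-CApath keeps the system trust directory out of the decision, since
    # only the uploaded CA file (root plus any intermediate) should count.
    openssl verify -no-CApath -CAfile "$1" -purpose "$2" "$3" >/dev/null 2>&1
}

# check_pair CA_FILE SERVER_CERT CLIENT_CERT -> 0 only if both share that CA.
check_pair() {
    chains_to "$1" sslserver "$2" || { echo "server cert not signed by $1" >&2; return 1; }
    chains_to "$1" sslclient "$3" || { echo "client cert not signed by $1" >&2; return 2; }
}

# --- Constructed sample PKI (throwaway names and keys, 1-day validity) ---
make_ca() {   # make_ca DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}
make_leaf() { # make_leaf DIR NAME CA_NAME
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 1 -CA "$1/$3.crt" -CAkey "$1/$3.key" \
        -CAcreateserial -out "$1/$2.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" site-ca && make_ca "$d" other-ca &&
    make_leaf "$d" server site-ca && make_leaf "$d" client site-ca &&
    make_leaf "$d" stray-client other-ca || return 1
    good=0; check_pair "$d/site-ca.crt" "$d/server.crt" "$d/client.crt" || good=$?
    bad=0;  check_pair "$d/site-ca.crt" "$d/server.crt" "$d/stray-client.crt" 2>/dev/null || bad=$?
    rm -rf "$d"
    echo "matching pair: $good, client from other CA: $bad"
}
demo
```

Run check_pair against the real CA, server and client certificate files before uploading; a non-zero status means one of the certificates does not chain to that CA file.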