2.13.6.2 About HTTPS
HTTPS provides secure/encrypted, web-based management and configuration of SecureSync
from a PC. In order to establish a secure HTTPS connection, an SSL certificate must be stored
inside the SecureSync unit.
SecureSync uses the OpenSSL library to create certificate requests and self-signed certificates.
The OpenSSL library provides the encryption algorithms used for secure HTTP (HTTPS). The
OpenSSL package also provides tools and software for creating X.509 Certificate Requests,
Self Signed Certificates and Private/Public Keys. For more information on OpenSSL, please
see www.openssl.org.
Once you created a certificate request, submit the request to an external Certificate Authority
(CA) for the creation of a third party verifiable certificate. (It is also possible to use an internal
corporate Certificate Authority.)
If a Certificate Authority is not available, or while you are waiting for the certificate to be
issued, you can use the default Spectracom self-signed SSL certificate that comes with the unit
until it expires, or use your own self-signed certificate. The typical life span of a certificate (i.e.,
during which HTTPS is available for use) is about 10years.
Note: If deleted, the HTTPS certificate cannot be restored. A new certificate will
need to be generated.
Note: In a Chrome web browser, if a valid certificate is deleted or changed such
that it becomes invalid, it is necessary to navigate to Chrome's Settings> More
Tools> Clear browsing data> Advanced and clear the Cached images and files in
the history. Otherwise Chrome's security warnings may make some data unavail-
able in the Web UI.
Note: If the IP Address or Common Name (Host Name) is changed, you need to
regenerate the certificate, or you will receive security warnings from your web
browser each time you log in.
2.13.6.3 Supported Certificate Formats
SecureSync supports X.509 PEM and DER Certificates, as well as PKCS#7 PEM and DER format-
ted Certificates.
You can create a unique X.509 self-signed Certificate, an RSA private key and X.509 cer-
tificate request using the WebUI. RSA private keys are supported because they are the most
widely accepted. At this time, DSA keys are not supported.
2.13 Configuring Network Settings
CHAPTER 2 • SecureSync User Reference Guide Rev. 26
67
To Next Page
Loading...
Need help?
General
