88
GENERAL
D400 SUBSTATION GATEWAY USER’S MANUAL
SETTING UP SECURE WEB ACCESS
CHAPTER 6: SETTING UP THE D400
To obtain a certificate, you need to create and send a Certificate Signing Request (CSR) to
the CA. At the same time you create the CSR, you will also be creating a private key. The
CSR and the provided certificate and private key are supplied in individual text files,
typically named
server.csr
,
server.crt
and
server.key
respectively.
To obtain a security
certificate and private
key
Contact a certification authority to request a certificate and to create your private key.
When making your CSR request, provide the host name of the D400 (the full name that
users will enter in the Web browser to connect to the D400) for the certificate's "Common
Name", and specify a non-encrypted private key file.
TIP
When you receive your certificate and private key, you should create a back up copy and
store it in a secure place other than the D400.
Installing the certificate and key
Once you have obtained your security certificate and private key, you can install them on
the D400 in two ways:
•
Secure Copy - requires a PC with an installed Secure Copy Program (SCP) and a
network connection to the D400
•
USB Portable Memory Device - requires local access to the D400
Before installing the certificate and key, check that the files are named as follows and
rename if necessary:
•
Certificate is
server.crt
•
Private key is
server.key
To install using Secure
Copy
1.
Start the Secure Copy Program.
2.
Connect to and log in to the D400 using your network connection.
3.
Using the Secure Copy Program, copy the
server.crt
and
server.key
files to the
following directory on the D400:
/mnt/usr/D400_SysConfig/Certificate
4.
Reboot the D400. See “Shutting down the D400” on page 98.
To install from the
USB drive
1.
Copy the
server.crt
and
server.key
files to the root directory of the USB drive.
2.
Insert the USB drive into one of the front USB ports on the D400.
3.
Start a terminal session and log in to the D400.
4.
At the D400 command prompt, enter the following commands:
mkdir /mnt/usbdrive
mount -t vfat /dev/sda1 /mnt/usbdrive
cp /mnt/usbdrive/server.crt /mnt/usr/_SysConfig/Certificate
cp /mnt/usbdrive/server.key /mnt/usr/_SysConfig/Certificate
sync
umount /dev/sda1
5.
Remove the USB drive.
6.
Reboot the D400. See “Shutting down the D400” on page 98.
TIP
Since a USB drive could be lost or stolen, it is recommended you remove the private key
and certificate from the USB drive once you are done installing them on the D400.
Once you have installed and set up your security certificate, your secure Web access with
the D400 is enabled. From this point on, whenever you access the D400 HMI using a Web
browser, the D400 will automatically send you its Web site certificate, and your Web
browser will display a lock icon on the status bar. This indicates that you have a secure
connection with the D400.