5.5.4 Certificate
The IP ACCESS SWITCH LITE uses the Secure Socket Layer (SSL) protocol for any encrypted
network traffic between itself and a connected client. During connection establishment, the
IP ACCESS SWITCH LITE has to expose its identity to the client using a cryptographic certificate.
This certificate and the underlying secret key are the same for all IP ACCESS SWITCH LITE units
and certainly will not match the network configuration that will be applied to the IP ACCESS
SWITCH LITE by its user. The certificate's underlying secret key is also used for securing the
SSL handshake. Hence, this is a security risk (but far better than no encryption at all).
However, it is possible to generate and install a new certificate that is unique for a particular IP
ACCESS SWITCH LITE. In order to do this, the IP ACCESS SWITCH LITE is able to generate
a new cryptographic key and the associated Certificate Signing Request (CSR) that needs to be
certified by a certification authority (CA). A certification authority verifies that you are the person
you claim to be, and signs and issues an SSL certificate to you.
The following steps are necessary to create and install an SSL certificate for the IP ACCESS
SWITCH LITE:
1. Create an SSL Certificate Signing Request using the panel shown in the screenshot
above. You need to fill out a number of fields that are explained on the next page.
Once this is done, click on the Create button to initiate the Certificate Signing Request
generation. The CSR can be downloaded to your administration machine with the
Download CSR button (see the illustration on the next page).
2. Send the saved CSR to a CA for certification. You will get the new certificate from the CA
after a more or less complicated traditional authentication process (depending on the
CA).
3. Upload the certificate to the IP ACCESS SWITCH LITE switch using the Upload button.
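A check that can follow step 3, added here as an example and not taken from the manual or the product: it compares the certificates presented by several units and flags any that still share one certificate. The function names, the sample addresses and the optional factory reference (assumed to be a certificate captured from a unit in its default state) are hypothetical.

```python
import hashlib
import socket
import ssl
from collections import defaultdict
from typing import Dict, Optional


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the certificate a unit presents, without validating it.

    Validation is off on purpose: the audit must also read certificates
    that a normal client would reject (shared default, wrong host name).
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def units_on_shared_cert(certs: Dict[str, bytes],
                         factory_der: Optional[bytes] = None) -> Dict[str, str]:
    """Map each flagged host to the reason it was flagged."""
    by_fp = defaultdict(list)
    for host, der in certs.items():
        by_fp[fingerprint(der)].append(host)
    factory_fp = fingerprint(factory_der) if factory_der else None
    flagged = {}
    for fp, hosts in by_fp.items():
        for host in sorted(hosts):
            if fp == factory_fp:
                flagged[host] = "matches factory certificate"
            elif len(hosts) > 1:
                others = [h for h in sorted(hosts) if h != host]
                flagged[host] = "same certificate as " + ", ".join(others)
    return flagged


# Constructed sample: placeholder bytes stand in for DER certificates that
# fetch_der() would return from four units on a management network.
SAMPLE = {"10.0.0.11": b"shared-default", "10.0.0.12": b"shared-default",
          "10.0.0.13": b"unique-cert-13", "10.0.0.14": b"unique-cert-14"}
```

In use, the dictionary is built with `{h: fetch_der(h) for h in hosts}`; an empty result means every audited unit presents its own certificate.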