IT Infrastructure RAP/RAC1000 – ADS-TEC RAP/RAC1000 User Manual
Page 179

IT Infrastructure RAP/RAC1000
© ads-tec GmbH • Raiffeisenstr.14 • 70771 Leinfelden-Echterdingen
Go to the web interface “Configuration / General Settings / Certificates”, click on
“Browse” and select the CRL. Then upload the file to the device via “Upload
Certificate”.
All installed and integrated certificates are verified against the new CRL. If you want to
trust a previously revoked certificate again, right-click this certificate in XCA and
change its status to “Regain Trust”. Then create a new CRL and export and upload it
as described above.
If the copy of the certificate is on your device, you will notice that its status in the web
interface has also changed to “Regain Trust”.
This may be useful to temporarily deny VPN access for certain users and machines.
Note:
• Even if the validity period of a revocation list has expired, it is still used to verify
certificates as long as no updated CRL is available.
• The revocation lists on the device (at least one for each CA) should be kept as up to
date as possible in order to prevent security gaps caused by lost certificates.
INCREASED SECURITY WITH DH:
For security reasons, it is recommended to use XCA with an independent DH file.
This can be realised with OpenSSL.
If you do not have it yet, you can download OpenSSL with standard options under the
following link:
http://www.openssl.org/related/binaries.html
After installation, select “Start & Execute” in the start menu. Enter “CMD” here and then
press the Enter key.
Now open the directory: C:\OpenSSL-Win32\bin\ and enter the following command:
openssl dhparam -out dh1024.pem 1024