4.4 certificate – Raloy IP Functions for KVM User Manual

26

3-4.4 Certificate

The IP module uses the Secure Socket Layer (SSL) protocol for any encrypted network traffic between itself

and a connected client. During the connection establishment the IP module has to expose its identity to a

client using a cryptographic certificate. The default certificate comes with IP MODULE device upon delivery

is for testing purpose only. System administrator should not rely on this default certificate as the secured

global access mechanism through Internet.

However, it is possible to generate and install a new base64 X.509 certificate that is unique for a particular

IP module. In order to do that, the IP module is able to generate a new cryptographic key and the

associated Certificate Signing Request (CSR) that needs to be certified by a certification authority (CA). A

certification authority verifies that you are the person who you claim you are, and signs and issues a SSL

certificate to you.

The following steps are necessary to create and install a SSL certificate for the IP

module:

■ Create a SSL Certificate Signing Request using the panel shown below. You need to fill out a number

of fields that are explained below. Once this is done, click on the button “Create” which will initiate the

Certificate Signing Request generation. The CSR can be downloaded to your administration machine

with the “Download CSR” button.

■ Send the saved CSR string to a CA for certification. You will get the new certificate from the CA after a

more or less complicated traditional authentication process (depending on the CA).

■ Upload the certificate to the IP module using the “Upload” button as shown below.