In the ssl1000 – Visara SSL1000 User Manual

707092-001

3-3

Chapter 3. SSL1000 Overview

Certificates in the SSL1000

The SSL1000 comes with three digital certificates:

• An “SSL1000” server certificate for the SSL proxy (for TN3270 mappings)
• An “SSL1000” server certificate for the web server (for administration)
• A Root Certificate Authority (CA) certificate from the Visara Certificate Authority,

who issued the other two.

A server certificate will be sent to the client during each SSL connection that is negotiated.
The Root CA certificate is available to download through the web server. If you install
the CA certificate then all certificates issued by that CA will be trusted.

Note:

Because Visara ships all these units with the same server certificates, you cannot
rely on the built-in certificates for authentication. The built-in certificate should
only be used to facilitate Encryption, and not to verify the identity of the server.
Visara International, Inc. assumes no responsibility for loss of security or
intellectual properties due to unsafe certificate management. To secure the
identity of your SSL1000, you should obtain a valid server certificate from a
trusted Certificate Authority.

The steps required to obtain a server certificate from a trusted CA are beyond the scope
of this Overview. But there are directions later in this manual for importing the certificate
once it is obtained.