Cobalt Co9992-4ENC-4K-HEVC Software-Defined Broadcast Encoder User Manual

127

2.

Load the CA Certificate in every Cobalt device. Figure 9 shows how to do this.

3.

Do one of the following:

a.

Generate matched Key/Certificate pairs (signed by the CA) for each Cobalt
device, and upload these using the process shown in Figure 6.
or

b.

Generate a CSR in each Cobalt device using the process shown in Figure 7. Have
the CA process the CSR to generate a certificate. Upload the certificate back into
the Cobalt device using the process shown in Figure 6.

4.

Configure the Cobalt device to use the user-supplied credentials, as shown in Figure 5.

The most secure is 3(3.b) above, since keys are never transmitted anywhere. However, it is the
most labor-intensive. This process is illustrated in Figure 8.

The process of loading an external CA certificate in the Cobalt device (Step 2) is shown in
Figure 9:



Open the device’s web page and select Click here for RIST Authentication Management.



In the

Uploading an External CA Certificate

, use the

Browse

button to find the PEM

file with the certificate.



Enter the device password and click on the

Upload CA Certificate

button.

The device will check out the certificate for correctness and validity, and, if accepted, will save
it. If the certificate is accepted, it can now be selected in DashBoard, as shown in Figure 9.

Figure 8: Using an external Certificate Authority

KEY

Secret

CA CERTIFICATE

Public

CERTIFICATE AUTHORITY

KEY

Secret

CERTIFICATE

Public

CSR

Public

CERTIFICATE

Public

Step 2

Step 1

Step 3(a)

Step 3(b)

DEVICE

DEVICE