5. Copy the text and send it to your security provider. The security provider, also known
as Certification Authority or CA, signs this request and then sends you a server
certificate for the device.
6. Save the certificate to a file (e.g., cert.txt). Ensure that the file is a plain-text file
containing the"‘BEGIN CERTIFICATE" header, as shown in the example of a Base64-
Encoded X.509 Certificate below:
-----BEGIN CERTIFICATE-----
MIIDkzCCAnugAwIBAgIEAgAAADANBgkqhkiG9w0BAQQFADA/MQswCQYDVQQGEw
JGUjETMBEGA1UEChMKQ2VydGlwb3N0ZTEbMBkGA1UEAxMSQ2VydGlwb3N0ZSBT
ZXJ2ZXVyMB4XDTk4MDYyNDA4MDAwMFoXDTE4MDYyNDA4MDAwMFowPzELMAkGA1
UEBhMCRlIxEzARBgNVBAoTCkNlcnRpcG9zdGUxGzAZBgNVBAMTEkNlcnRpcG9z
dGUgU2VydmV1cjCCASEwDQYJKoZIhvcNAQEBBQADggEOADCCAQkCggEAPqd4Mz
iR4spWldGRx8bQrhZkonWnNm`+Yhb7+4Q67ecf1janH7GcN/SXsfx7jJpreWUL
f7v7Cvpr4R7qIJcmdHIntmf7JPM5n6cDBv17uSW63er7NkVnMFHwK1QaGFLMyb
FkzaeGrvFm4k3lRefiXDmuOe+FhJgHYezYHf44LvPRPwhSrzi9+Aq3o8pWDguJ
uZDIUP1F1jMa+LPwvREXfFcUW+w==
-----END CERTIFICATE-----
7. Scroll down to the Upload certificates files from your computer group, click the
Browse button corresponding to the 'Send Device Certificate...' field, navigate to the
cert.txt file, and then click Send File.
8. After the certificate successfully loads to the device, save the configuration with a
device reset (see 'Saving Configuration' on page 324); the Web interface uses the
provided certificate.
9. Open the Certificates page again and verify that under the Certificate information
group (at the top of the page), the 'Private key' read-only field displays "OK";
otherwise, consult your security administrator:
Figure 9-2: Private key "OK" in Certificate Information Group
10. If the device was originally operating in HTTPS mode and you disabled it in Step 2,
then return it to HTTPS by setting the 'Secured Web Connection (HTTPS)' parameter
to HTTPS Only, and then reset the device with a flash burn.
Notes:
• The certificate replacement process can be repeated when necessary
(e.g., the new certificate expires).
• It is possible to use the IP address of the device (e.g., 10.3.3.1) instead
of a qualified DNS name in the Subject Name. This is not recommended
since the IP address is subject to change and may not uniquely identify
the device.
• The device certificate can also be loaded via the Automatic Update
Facility by using the HTTPSCertFileName ini file parameter.
9.2 Loading a Private Key
The device is shipped with a self-generated random private key, which cannot be extracted
from the device. However, some security administrators require that the private key be
generated externally at a secure facility and then loaded to the device through
configuration. Since private keys are sensitive security parameters, take precautions to
To Next Page
Loading...
Need help?
General
