Using the Digi Connect and ConnectPort TSFamily web interface Administration
Digi Connect Family and ConnectPort TSFamily
48
Security type Table Used to load
X.509 Certificate
Authority/Certificate
Revocation
CA(Certificate
Authority)
Certificate authority digital certificates. A
certificate authority (CA) isa trusted third party
that issues digital certificates for use by other
parties. Digital certificates issued by the CA
contain a public key. Thecertificate contains
information about the individual or organization
to which the public key belongs. ACAverifies
digital certificate applicants' credentials. TheCA
certificate allows verification of digital
certificates, and the information contained
therein, issued by that CA.
CRL (Certificate
Revocation List)
Certificate revocation lists for loaded CAs. A
certificate revocation list (CRL) isa file that
containsthe serial numbers of digital certificates
issued by a CAwhich have been revoked, and
should no longer be trusted. LikeCAs, CRLs are a
vital part of a public key infrastructure (PKI). You
must install the digital certificate of the
corresponding CAbefore you load the CRL.
Secure Sockets Layer (SSL)
and Transport Layer
Security (TLS)
SSL Identity SSL/TLSidentity certificates. Adefault key is
generated automatically but can beoverridden
by a user. Note that thisdefault key is not
secure.
SSL Identity Keys SSL/TLSidentity private keys.
SSL Peer SSL/TLSpeer certificates.
SSL Revoked Verbatim revoked SSL/TLScertificates.
Secure Shell (SSHv2) SSH Host Keys
Table
SSHv2 identity private keys. Used for
authentication with SSHv2 clientsand secure key
exchange. Adefault 1024-bit DSAkey is
generated automatically if none existswhen the
device boots. Thereis no certificate for SSHv2,
just private key data.
Behavior of SSH/SSLprivate keyson Digi device
Digi devices generate their SSH/SSL self-signed private keys automatically. While this automatic
generation isconvenient for device users, as they are not required perform any actionsregarding the
private keys, it presentssome security loopholes.
n
With self-signed private keys, you must establish trust in a secure environment. That is, if you
cannot guarantee that the environment issecure, you must pull the private keys off the Digi
device.
n
You must know about thecertificate before you connect, asopposed to third-party signed
certificates, where you only need the third-party certificate.
n
Thelength of a Digi device’sself-signed private keys is 1024 bits. While thislength isadequate
for 99.9% of all applications, some people or applications prefer a shorter or longer key.
To Next Page
Loading...
Need help?
General
