Digi Connect and ConnectPort TS Family web interface Administration
Digi Connect Family and ConnectPort TS Family
| Security type | Table | Used to load |
|---|---|---|
| X.509 Certificate Authority/Certificate Revocation | CA (Certificate Authority) | Certificate authority digital certificates. A certificate authority (CA) is a trusted third party that issues digital certificates for use by other parties. Digital certificates issued by the CA contain a public key. The certificate contains information about the individual or organization to which the public key belongs. A CA verifies digital certificate applicants' credentials. The CA certificate allows verification of digital certificates, and the information contained therein, issued by that CA. |
| X.509 Certificate Authority/Certificate Revocation | CRL (Certificate Revocation List) | Certificate revocation lists for loaded CAs. A certificate revocation list (CRL) is a file that contains the serial numbers of digital certificates issued by a CA which have been revoked, and should no longer be trusted. Like CAs, CRLs are a vital part of a public key infrastructure (PKI). You must install the digital certificate of the corresponding CA before you load the CRL. |
| Secure Sockets Layer (SSL) and Transport Layer Security (TLS) | SSL Identity | SSL/TLS identity certificates. A default key is generated automatically but can be overridden by a user. Note that this default key is not secure. |
| Secure Sockets Layer (SSL) and Transport Layer Security (TLS) | SSL Identity Keys | SSL/TLS identity private keys. |
| Secure Sockets Layer (SSL) and Transport Layer Security (TLS) | SSL Peer | SSL/TLS peer certificates. |
| Secure Sockets Layer (SSL) and Transport Layer Security (TLS) | SSL Revoked | Verbatim revoked SSL/TLS certificates. |
| Secure Shell (SSHv2) | SSH Host Keys Table | SSHv2 identity private keys. Used for authentication with SSHv2 clients and secure key exchange. A default 1024-bit DSA key is generated automatically if none exists when the device boots. There is no certificate for SSHv2, just private key data. |
Behavior of SSH/SSL private keys on Digi device
Digi devices generate their SSH/SSL self-signed private keys automatically. While this automatic generation is convenient for device users, as they are not required to perform any actions regarding the private keys, it presents some security loopholes.
- With self-signed private keys, you must establish trust in a secure environment. That is, if you cannot guarantee that the environment is secure, you must pull the private keys off the Digi device.
- You must know about the certificate before you connect, as opposed to third-party signed certificates, where you only need the third-party certificate.
- The length of a Digi device’s self-signed private keys is 1024 bits. While this length is adequate for 99.9% of all applications, some people or applications prefer a shorter or longer key.
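The following Python sketch is an added example, not code from Digi or from this guide. It parses an SSH public host key line, reports the key size, and computes the SHA256 fingerprint you would record in a trusted environment and compare before connecting. The function names, the `min_bits` policy threshold of 2048 and the sample key (correctly sized numbers, not a usable key) are assumptions made for illustration.

```python
import base64
import hashlib
import struct

def read_string(buf, off):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def audit_host_key(line, min_bits=2048):
    """Return (type, bits, SHA256 fingerprint, weak) for 'type base64' text."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, off = read_string(blob, 0)
    ktype = name.decode("ascii")
    if ktype != declared:
        raise ValueError("declared type does not match key blob")
    ints = []
    while off < len(blob):
        raw, off = read_string(blob, off)
        ints.append(int.from_bytes(raw, "big"))
    if ktype == "ssh-dss" and len(ints) == 4:    # p, q, g, y: size of prime p
        bits = ints[0].bit_length()
    elif ktype == "ssh-rsa" and len(ints) == 2:  # e, n: size of modulus n
        bits = ints[1].bit_length()
    else:
        raise ValueError("unsupported or malformed key: " + ktype)
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return ktype, bits, fp, bits < min_bits  # min_bits is an assumed policy

def make_sample_line(ktype, ints):
    """Build a constructed public key line (right sizes, not a usable key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    blob = field(ktype.encode())
    for n in ints:  # mpint: big-endian, leading zero byte keeps it positive
        blob += field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    return ktype + " " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    # Constructed 1024-bit DSA-shaped key, matching the default size on this page.
    sample = make_sample_line("ssh-dss", [(1 << 1023) | 1, (1 << 159) | 1, 2, 3])
    ktype, bits, fp, weak = audit_host_key(sample)
    print(ktype, bits, fp, "BELOW POLICY" if weak else "ok")
```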