Operating instructions

TD 92579GB
2009-04-15/ Ver. B
Installation and Operation Manual
IP-DECT Base Station & IP-DECT Gateway (software version 3.0.x)
4.2 Introduction to IP Security in IP-DECT
A secure system requires more planning than an unsecured system.
4.2.1 Secure Web Access (https)
For IP-DECT devices, https access should be enabled and http access should preferably be disabled.
For more information see 8.1.6 Configure the HTTP settings on page 50.
4.2.2 TLS Certificates
Security in Web-based applications relies on cryptography. Cryptographic systems are only
as secure as their keys. This makes Key Management a critical and often neglected
concern. TLS Certificates have emerged as a clever way of managing large-scale key
distribution.
Certificate Handling Options
There are three certificate handling options:
1 Default Device certificate
The default certificate is supplied with the device. It is a self-signed certificate.
Self-signed certificates provide only encryption, not authentication.
For more information see Default Device Certificate on page 53.
2 Self-signed certificates
This option is for customers not planning on having their certificates signed by
public or private CAs. Self-signed certificates provide encryption but in most
cases do not provide authentication.
For more information see Self-signed Certificates on page 54.
3 Certificates signed by a Certificate Authority (CA).
Two options are possible:
A) Certificates signed by the customer's own CA. Customers possessing the
knowledge and infrastructure to house their own CA could build an internal
enterprise CA, enabling them to sign (approve) their own certificate requests.
This would make the customer a private CA.
B) Certificates signed by a trusted public third party entity/organization.
There are only about a dozen issuers who have the authority to sign certificates
for servers worldwide. An example is VeriSign. To use a public CA for certificate
approvals, the IP-DECT system would in most cases need to be connected to the
Internet and hold a fully qualified domain name.
For more information see Certificate Signing Request (CSR) on page 55.
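The difference between a self-signed certificate (options 1 and 2) and one signed by the customer's own CA (option 3A) can be checked with the openssl command line. This is an added example, not part of the original manual: the device name ipdect-device.example.test, the CA name and all files are constructed, and nothing here is read from an IP-DECT device.

```sh
#!/bin/sh
# Added example (not from the manual). All names and files are constructed.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
CN="/CN=ipdect-device.example.test"   # assumed device name

# Options 1 and 2: the device key signs its own certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$CN" \
  -keyout "$work/self.key" -out "$work/self.crt" 2>/dev/null

# Option 3A: a private CA, then a CSR from the device signed by that CA.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Private CA" \
  -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null
openssl req -new -newkey rsa:2048 -nodes -subj "$CN" \
  -keyout "$work/dev.key" -out "$work/dev.csr" 2>/dev/null
openssl x509 -req -in "$work/dev.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
  -CAcreateserial -days 30 -out "$work/dev.crt" 2>/dev/null

# is_self_signed CERT: "yes" when subject and issuer are the same name.
is_self_signed() {
  s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  if [ "$s" = "$i" ]; then echo yes; else echo no; fi
}

# verify_against ANCHOR CERT: does CERT chain to the trust anchor a client holds?
verify_against() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

echo "self-signed cert, client trusts only the CA : $(verify_against "$work/ca.crt" "$work/self.crt")"
echo "self-signed cert, client pinned this cert   : $(verify_against "$work/self.crt" "$work/self.crt")"
echo "CA-signed cert, client trusts the CA        : $(verify_against "$work/ca.crt" "$work/dev.crt")"
```

A client can authenticate the self-signed certificate only if it received that exact certificate out of band and pinned it, whereas one CA certificate distributed to clients covers every device certificate the CA signs.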