
DeviceMaster LT User Guide: 2000586 Rev. B
DeviceMaster LT Security - 55
Certificates and Keys
Certificates and keys are configured by uploading four files in the Key and Certificate Management section at the bottom of the Edit Security Configuration web page:
- RSA Key Pair used by SSL and SSH servers
  This is a private/public key pair that is used for two purposes:
  It is used by some cipher suites to encrypt the SSL/TLS handshaking messages. Possession of the private portion of this key pair allows an eavesdropper to decrypt traffic on SSL/TLS connections that use RSA encryption during handshaking (RSA key exchange provides no forward secrecy, so this includes previously captured sessions).
  It is used to sign the Server RSA Certificate in order to verify that the DeviceMaster LT is authorized to use the server RSA identity certificate. Possession of the private portion of this key pair allows somebody to pose as the DeviceMaster LT.
  If the Server RSA Key is replaced, a corresponding RSA server certificate must also be generated and uploaded as a matched set, or clients are not able to verify the identity certificate.
- RSA Server Certificate used by SSL servers
  This is the RSA identity certificate that the DeviceMaster LT uses during SSL/TLS handshaking to identify itself. It is used most frequently by SSL server code in the DeviceMaster LT when clients open connections to the DeviceMaster LT's secure web server or other secure TCP ports. If a DeviceMaster LT serial port configuration is set up to open (as a client) a TCP connection to another server device, the DeviceMaster LT also uses this certificate to identify itself as an SSL client if requested by the server.
  In order to function properly, this certificate must be signed using the Server RSA Key. This means that the server RSA certificate and server RSA key must be replaced as a pair.
- DH Key Pair used by SSL servers
  This is a private/public key pair that is used by some cipher suites to encrypt the SSL/TLS handshaking messages. Possession of the private portion of the key pair allows an eavesdropper to decrypt traffic on SSL/TLS connections that use DH encryption during handshaking.
- Client Authentication Certificate used by SSL servers
  If configured with a CA certificate, the DeviceMaster LT requires all SSL/TLS clients to present an RSA identity certificate that has been signed by the configured CA. As shipped, the DeviceMaster LT is not configured with a CA certificate, so no client authentication is performed and all SSL/TLS clients are allowed.
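The following script is an added example and is not part of the DeviceMaster LT guide or Comtrol's own tooling. It produces the four files described above with the openssl command line (Server RSA key, a Server RSA certificate signed with that same key, DH parameters, and a client CA certificate plus one client certificate issued by it) and, before anything is uploaded, checks the two things the text warns about: that the server key and certificate are a matched set, and that a client certificate will actually chain to the CA the device will enforce. The file format (PEM), the 2048-bit key size, the ffdhe2048 DH group (which needs OpenSSL 3.x), the scratch directory and all subject names are assumptions for illustration; the guide does not state what the device requires.

```shell
#!/bin/sh
# Added example, not from the DeviceMaster LT guide: build the four files the
# Key and Certificate Management section expects and verify them before upload.
# Assumptions: PEM output, 2048-bit RSA, RFC 7919 ffdhe2048 DH group (OpenSSL 3.x),
# placeholder subject names, and a scratch directory in $WORK.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # hypothetical scratch directory

# Server RSA key pair. The private half must never leave the device and your
# key store: whoever holds it can impersonate the unit and, with RSA key
# exchange, decrypt recorded sessions.
gen_server_key() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/server.key" 2>/dev/null
}

# Server RSA certificate, self-signed with the SAME key, so that key and
# certificate form the matched set the guide requires. Use the name clients
# actually connect to as the CN (placeholder here).
gen_server_cert() {
  openssl req -new -x509 -key "$WORK/server.key" -days 365 \
    -subj "/CN=devicemaster-lt.example" -out "$WORK/server.crt" 2>/dev/null
}

# DH parameters for the DHE cipher suites. A standard RFC 7919 group is
# produced instantly; "openssl dhparam 2048" is the slower alternative.
gen_dh_params() {
  openssl genpkey -genparam -algorithm DH -pkeyopt group:ffdhe2048 \
    -out "$WORK/dh.pem" 2>/dev/null
}

# Client authentication CA. Only ca.crt goes onto the device; ca.key stays
# offline and is used solely to issue client certificates.
gen_client_ca() {
  openssl req -new -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
    -days 3650 -subj "/CN=DeviceMaster Client CA" -out "$WORK/ca.crt" 2>/dev/null
}

# One client identity certificate issued by that CA, for a host that opens
# SSL/TLS connections to the device (placeholder CN).
gen_client_cert() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/client.key" \
    -subj "/CN=scada-host.example" -out "$WORK/client.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 365 \
    -out "$WORK/client.crt" 2>/dev/null
}

# Pre-upload check: does certificate $2 carry the public key of private key $1?
# Both commands emit the SubjectPublicKeyInfo in PEM, so a byte comparison
# is enough. Returns 0 on a matched set, 1 otherwise.
key_matches_cert() {
  openssl pkey -in "$1" -pubout -out "$WORK/.key.pub" 2>/dev/null || return 1
  openssl x509 -in "$2" -pubkey -noout -out "$WORK/.crt.pub" 2>/dev/null || return 1
  cmp -s "$WORK/.key.pub" "$WORK/.crt.pub"
}

# What the device does once CA certificate $1 is configured: accept client
# certificate $2 only if it chains to that CA. Returns 0 accepted, 1 rejected.
client_accepted_by_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

main() {
  gen_server_key; gen_server_cert; gen_dh_params; gen_client_ca; gen_client_cert
  if key_matches_cert "$WORK/server.key" "$WORK/server.crt"; then
    echo "server.key / server.crt: matched set, safe to upload together"
  else
    echo "server.key / server.crt: MISMATCH, clients will reject the device"; exit 1
  fi
  if client_accepted_by_ca "$WORK/ca.crt" "$WORK/client.crt"; then
    echo "client.crt chains to ca.crt: the device will accept this client"
  fi
  echo "files written to $WORK"
}

# Run as:  sh devicemaster_certs.sh generate
if [ "${1:-}" = "generate" ]; then main; fi
```

The matched-set check is the one to keep in your change procedure: regenerate the key, re-issue the certificate from it, run `key_matches_cert` on the pair, and only then upload both files in the same session. Uploading a new key while leaving the old certificate in place is exactly the mismatch the guide says will make clients unable to verify the device.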