System information

Crestron 3-Series Control Systems Reference Guide
Reference Guide DOC. 7150A 3-Series Control Systems 39
2. The web server sends the browser its digital certificate. The certificate
contains information about the server, including the server’s public key.
3. The browser verifies that the certificate is valid and that a trusted CA issued
it.
4. The browser generates a “master secret” that is encrypted using the server’s
public key and sent to the web server.
5. The web server decrypts the master secret using the server’s private key.
6. Now that both the browser and the web server have the same master secret,
they use this master secret to create keys for the encryption and MAC
(message authentication code) algorithms used in the bulk-data process of
SSL. Since both participants used the same master secret, they now have the
same encryption and MAC keys.
7. The browser and web server use the SSL encryption and authentication
algorithms to create an encrypted tunnel. Through this encrypted tunnel,
they can pass data securely through the network.
Though the authentication and encryption process may seem involved, the user
generally does not even know it is taking place. However, the user can tell when the
secure tunnel has been established since most SSL-enabled web browsers display a
small closed lock at the bottom (or top) of their screen when the connection is
secure. Users can also identify secure websites by looking at the website address; a
secure website’s address begins with https:// rather than the usual http://. The web
server listens for a secure connection on the well-known port 443.
SSL Configuration
This section describes the steps required to enable a 3-Series web server for SSL and
to obtain a digital certificate from a Certificate Authority. The steps are summarized
as follows (each step is described in detail later):
• Establish a serial connection to the 3-Series Control System.
• Enable SSL using a self-signed certificate.
• Create an encryption public/private key pair and a certificate-signing
request (CSR) based on the public key.
• Back up the private key.
• Send the CSR to a Certificate Authority such as Thawte or Verisign, which
verifies the identity of the requestor and issues a signed certificate.
• Install the CA-signed certificate and, optionally, the root certificate on the
3-Series Control System.
• Enable SSL using the CA-signed certificate.
3-Series Control System Requirements
.puf: 1.5.15 or later
Crestron Toolbox: 1.23 or later
SIMPL Windows: 3.00.65 or later