System information
Reference Guide Crestron 2-Series Control System
48 • 2-Series Control Systems Reference Guide – DOC. 6256A
important to back up the private key, as it is unique to each CSR. If the private key is
lost the certificate is useless and it would be necessary to begin the enrollment
process all over again.
Here is a description of an SSL transaction:
1. The browser sends a request for an SSL session to the Web server.
2. The Web server sends the browser its digital certificate. The certificate
contains information about the server, including the server’s public key.
3. The browser verifies that the certificate is valid and that a trusted CA issued
it.
4. The browser generates a “master secret” that is encrypted using the server’s
public key and sent to the Web server.
5. The Web server decrypts the master secret using the server’s private key.
6. Now that both the browser and the Web server have the same master secret,
they use it to create keys for the encryption and MAC
(message authentication code) algorithms used in the bulk-data phase of
SSL. Since both participants started from the same master secret, they now have the
same encryption and MAC keys.
7. The browser and Web server use the SSL encryption and authentication
algorithms to create an encrypted tunnel. Through this encrypted tunnel,
they can pass data securely through the network.
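The seven steps above, worked through as an added Go example; this is not code from the Crestron guide or firmware. It assumes a stand-in for each primitive the guide names: RSA-OAEP for the key transport of steps 4 and 5 (the SSL of the guide's era used PKCS#1 v1.5 padding), an HMAC-SHA256 label PRF for the key derivation of step 6 in place of the real SSL key-block PRF, and AES-256-CTR with HMAC-SHA256 (encrypt-then-MAC) for the bulk data of step 7. The certificate check of step 3 is left out here. Function names, the sample record and the labels are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Steps 4 and 5: the browser draws a fresh 48-byte master secret, encrypts it
// to the server's public key and the server recovers it with its private key.
// RSA-OAEP is used here; the SSL of the guide's era used PKCS#1 v1.5 padding.
func exchangeMasterSecret(serverKey *rsa.PrivateKey) (browserCopy, serverCopy []byte, err error) {
	browserCopy = make([]byte, 48)
	if _, err = rand.Read(browserCopy); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &serverKey.PublicKey, browserCopy, nil)
	if err != nil {
		return nil, nil, err
	}
	serverCopy, err = rsa.DecryptOAEP(sha256.New(), nil, serverKey, wrapped, nil)
	return browserCopy, serverCopy, err
}

// Step 6: both sides expand the shared master secret into separate encryption
// and MAC keys. HMAC-SHA256 over a label stands in for the SSL key-block PRF.
func deriveKeys(master []byte) (encKey, macKey []byte) {
	prf := func(label string) []byte {
		m := hmac.New(sha256.New, master)
		m.Write([]byte(label))
		return m.Sum(nil)
	}
	return prf("bulk encryption"), prf("record mac")
}

// Step 7, sender: encrypt-then-MAC one record with AES-256-CTR and HMAC-SHA256.
// Wire layout: 16-byte IV || ciphertext || 32-byte tag.
func sealRecord(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	tag := hmac.New(sha256.New, macKey)
	tag.Write(out)
	return tag.Sum(out), nil
}

// Step 7, receiver: verify the tag in constant time before touching the
// ciphertext; a tampered or truncated record is rejected rather than decrypted.
func openRecord(encKey, macKey, record []byte) ([]byte, error) {
	if len(record) < aes.BlockSize+sha256.Size {
		return nil, errors.New("record too short")
	}
	body, tag := record[:len(record)-sha256.Size], record[len(record)-sha256.Size:]
	want := hmac.New(sha256.New, macKey)
	want.Write(body)
	if !hmac.Equal(tag, want.Sum(nil)) {
		return nil, errors.New("bad record MAC")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	plaintext := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(plaintext, body[aes.BlockSize:])
	return plaintext, nil
}

func main() {
	// Step 2 in miniature: the server's key pair; the certificate carries the public half.
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	browserMaster, serverMaster, err := exchangeMasterSecret(serverKey)
	if err != nil || !bytes.Equal(browserMaster, serverMaster) {
		panic("key exchange failed")
	}
	encKey, macKey := deriveKeys(browserMaster) // the server derives the same pair from its copy
	record, _ := sealRecord(encKey, macKey, []byte("GET /login HTTP/1.1")) // constructed sample record
	got, err := openRecord(encKey, macKey, record)
	fmt.Printf("server read %q, err=%v\n", got, err)
	record[aes.BlockSize] ^= 0x01 // one ciphertext bit flipped in transit
	_, err = openRecord(encKey, macKey, record)
	fmt.Println("tampered record:", err)
}
```

The point of the last four lines of main is step 6's consequence: because the MAC key is shared only by the two endpoints, a record altered on the wire fails the tag check and is discarded before decryption, which is what makes the tunnel authenticated and not merely encrypted.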
Though the authentication and encryption process may seem involved, the user
generally does not even know it is taking place. However, the user will be able to tell
when the secure tunnel has been established since most SSL-enabled Web browsers
will display a small closed lock at the bottom (or top) of their screen when the
connection is secure. Users can also identify secure websites by looking at the
website address; a secure website’s address will begin with https:// rather than the
usual http://. The Web server listens for a secure connection on the well-known port
443.
SSL Configuration
This section describes the steps required to enable a 2-Series Web server for SSL and
to obtain a digital certificate from a Certificate Authority. The steps are summarized
as follows (each step is described in detail later):
• Establish a serial connection to the 2-Series control system.
• Enable SSL using a self-signed certificate.
• Create an encryption public/private key pair and a certificate-signing
request (CSR) based on the public key.
• Back up the private key.
• Send the CSR to a Certificate Authority such as Thawte or Verisign, who
will verify the identity of the requestor and issue a signed certificate.
• Install the CA-signed certificate and, optionally, the root certificate on the
2-Series control system.
• Enable SSL using the CA-signed certificate.
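The enrollment steps listed above, from the key pair and CSR on the control system through the CA's signing to the trust check a browser performs on the result, as an added Go example. It is not Crestron code, and the CA side here is a stand-in for what Thawte or Verisign do on their end. The CA name, host name, serial numbers and one-year validity are constructed placeholders, as are the function names. The final check in main shows why the self-signed option only gets you a working but untrusted server: the same certificate verifies against the root that issued it and fails against a root the browser does not have installed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const serverHost = "control-system.example" // placeholder host name, not from the guide

// newRootCA builds a CA's self-signed root: the certificate a browser must trust before anything the CA signs will verify.
func newRootCA() (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// newKeyAndCSR is the control system's side: a fresh key pair and a CSR carrying only
// the public half. The private key stays on the device (and in its backup); only the CSR goes to the CA.
func newKeyAndCSR(host string) (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, req, key)
	return key, csrDER, err
}

// issueFromCSR is the CA's side: confirm the CSR is signed by the key it carries, then issue a server certificate for that key.
func issueFromCSR(csrDER []byte, caKey *rsa.PrivateKey, caCert *x509.Certificate) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      csr.Subject,
		DNSNames:     csr.DNSNames,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyAgainstRoot is the browser's check from step 3 of the transaction: the server
// certificate must chain to a root in the trust store and name the host being visited.
func verifyAgainstRoot(cert, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	caKey, caCert, err := newRootCA()
	if err != nil {
		panic(err)
	}
	_, csr, err := newKeyAndCSR(serverHost)
	if err != nil {
		panic(err)
	}
	serverCert, err := issueFromCSR(csr, caKey, caCert)
	if err != nil {
		panic(err)
	}
	fmt.Println("issuing root trusted:", verifyAgainstRoot(serverCert, caCert, serverHost))
	_, otherRoot, _ := newRootCA() // a root the browser does not have installed
	fmt.Println("unknown root:        ", verifyAgainstRoot(serverCert, otherRoot, serverHost))
}
```

Two details matter for the steps on this page: the CSR is checked for a valid self-signature before the CA signs anything, which is the proof that the requester holds the private key matching the public key in the request, and the private key is never serialized anywhere in this flow, which is why losing its backup means starting enrollment over.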