User Manual

12: Security in Detail
PremierWave EN User Guide
Obtaining a Certificate and Private Key
You can obtain a certificate by completing a certificate request and sending it to a certificate
authority that will create a certificate/key combo, usually for a fee. Alternatively, you can
generate your own: a few utilities exist to generate self-signed certificates or sign certificate
requests. The PremierWave EN can also generate its own self-signed certificate/key combo.
You can use XML to export the certificate in PEM format, but you cannot export the key.
Hence the internal certificate generator can only be used for certificates that are to identify
that particular PremierWave EN.
Certificates and private keys can be stored in several file formats. Best known are PKCS12,
DER and PEM. Certificate and key can be in the same file or in separate files. The key can
be encrypted with a password or not. The PremierWave EN currently only accepts separate
PEM files. The key needs to be unencrypted.
Utilities
Several utilities exist to convert between the formats.
OpenSSL
OpenSSL is a widely used open source set of SSL-related command line utilities. It can act
as server or client. It can generate or sign certificate requests. It can convert between all
kinds of formats.
Executables are available for Linux and Windows.
To generate a self-signed RSA certificate/key combo:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mp_key.pem -out mp_cert.pem
See www.openssl.org or www.madboa.com/geek/openssl for more information.
Note: Signing other certificate requests is also possible with OpenSSL but is too complicated
to explain here.
Steel Belted RADIUS
Steel Belted RADIUS is a commercial RADIUS server by Juniper Networks that provides a
GUI administration interface. It also provides a certificate request and self-signed certificate
generator. The self-signed certificate has extension .sbrpvk and is in the PKCS12 format.
OpenSSL can convert this into a PEM format certificate and key:
openssl pkcs12 -in sbr_certkey.sbrpvk -nodes -out sbr_certkey.pem
The sbr_certkey.pem file contains both certificate and key. If loading the SBR certificate
into PremierWave EN as an authority, you will need to edit it.
1. Open the file in any plain text editor.
2. Delete all info before "-----BEGIN CERTIFICATE-----" and after "-----END
CERTIFICATE-----", and then save as sbr_cert.pem.
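
The manual edit in steps 1 and 2 can also be scripted. The following is an added example, not part of the original manual: it splits a combined PEM file into the separate certificate and key files the PremierWave EN accepts and checks that the key is unencrypted. The function names and the sample file contents are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the manual. All function names are hypothetical.

# Print the first PEM block of type $1 (an ERE) found in file $2, dropping
# "Bag Attributes" lines and any other text outside the markers.
pem_block() {
    awk -v label="$1" '
        { sub(/\r$/, "") }                                  # tolerate CRLF files
        $0 ~ ("^-----BEGIN " label "-----$") { inside = 1 }
        inside { print }
        inside && $0 ~ ("^-----END " label "-----$") { exit }
    ' "$2"
}

# Succeed only for an unencrypted key: reject "ENCRYPTED PRIVATE KEY" (PKCS#8)
# and the traditional "Proc-Type: 4,ENCRYPTED" header.
key_is_unencrypted() {
    grep -Eq '^-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$1" &&
        ! grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Split combined file $1 into certificate $2 and key $3 (created owner-only).
split_pem() {
    pem_block 'CERTIFICATE' "$1" > "$2"
    ( umask 077; pem_block '((RSA|EC) )?PRIVATE KEY' "$1" > "$3" )
    [ -s "$2" ] && key_is_unencrypted "$3"
}

# Constructed sample shaped like `openssl pkcs12 -nodes` output; the base64
# bodies are placeholders, not real certificate or key material.
write_sample() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
subject=/CN=constructed-example
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
EOF
}
```

For example, `split_pem sbr_certkey.pem sbr_cert.pem sbr_key.pem` (the key file name is an assumption) returns non-zero if no certificate is found or if the key is missing or encrypted.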