80-001113 SysLINK Administrator’s Guide Page 29
Certification authorities, or CAs, are organizations that issue and sign digital
certificates. To verify the integrity of a remote peer's certificate, its digital signature is
checked against the certificates of the CAs that are trusted by your application.
All trusted CAs must be pre-configured in the /usr/local/ssl/cert.pem file found in
the gateway's local filesystem. This file contains the certificates of the trusted CAs and is
used to verify the integrity of remote peer certificates.
3) The certificate must be owned by the correct DNS domain.
For optimum security, signed certificates should contain a fully qualified domain
name (or FQDN) that ties the certificate to a particular host or domain. Otherwise,
anyone with a valid certificate from one of your trusted CAs could intercept your
secure transmission.
This field allows you to specify which domain name to expect in the certificate. If the
certificate does not contain the expected domain name, the connection will be
aborted.
Example
Supplying a peer FQDN of ssl.yourdomain.com will require that the remote peer provide a
certificate registered to ssl.yourdomain.com, and that the certificate is signed by one of the
certification authorities found in the gateway’s /usr/local/ssl/cert.pem file.
List of Allowable Ciphers
This field specifies which authentication and encryption protocols will be allowed for this
SSL connection. To maintain maximum security, it is important to allow only those ciphers
that are sufficiently secure.
The default cipher list allows only reasonably secure ciphers to be used. If the remote peer
does not support sufficiently modern ciphers, you may need to enable some of the less-secure
ciphers.
The cipher list is specified using the same format as the standard OpenSSL cipher lists. This
list is a set of cipher strings, separated by colons, that represents the available cipher suites:
ALL: All ciphers
HIGH: High-encryption ciphers (more than 128-bits)
MEDIUM: Medium-encryption ciphers (equal to 128-bits)
LOW: Low-encryption ciphers (56- and 64-bits, excluding export ciphers)
EXP: Export encryption ciphers
TLSv1: Transport Layer Security v1.0
SSLv3: Secure Sockets Layer v3.0
SSLv2: Secure Sockets Layer v2.0
DH: Diffie-Hellman Ciphers (including anonymous DH)
ADH: Anonymous Diffie-Hellman Ciphers
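The following Python script is an added example, not part of the SysLINK guide or its firmware; it shows the two checks described above (peer FQDN verification against a pre-configured CA bundle, and an OpenSSL-format cipher list) using the standard ssl module. The path /usr/local/ssl/cert.pem is the one named in the manual; the cipher string "HIGH:!aNULL:!ADH" is an assumed policy, and the function and variable names are the example's own. Passing cafile=None builds the context without touching the filesystem so the cipher and name-matching logic can be exercised offline.

```python
import ssl
import socket

# Path named in the manual for the gateway's trusted-CA bundle.
GATEWAY_CA_BUNDLE = "/usr/local/ssl/cert.pem"
# Assumed policy in OpenSSL cipher-list format: strong ciphers only,
# with anonymous DH and other unauthenticated suites excluded.
ASSUMED_CIPHERS = "HIGH:!aNULL:!ADH"


def expand_cipher_list(cipher_string):
    """Return the suite names OpenSSL actually selects for a cipher string.

    Raises ssl.SSLError when no suite matches, which is what the gateway
    would hit with a list that names only ciphers its OpenSSL no longer builds.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]


def _name_matches(pattern, hostname):
    """Match one certificate DNS name against the expected FQDN.

    Exact, case-insensitive match, or a single leftmost wildcard label
    ("*.yourdomain.com" matches "ssl.yourdomain.com" but not "a.b.yourdomain.com").
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        pat_labels = pattern.split(".")
        host_labels = hostname.split(".")
        return (len(host_labels) == len(pat_labels)
                and host_labels[1:] == pat_labels[1:])
    return False


def peer_name_matches(cert, expected_fqdn):
    """Check a peer certificate (ssl.getpeercert() dict shape) against expected_fqdn.

    DNS subjectAltName entries are authoritative; the subject commonName is
    consulted only when the certificate carries no DNS SAN at all.
    """
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not dns_names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    dns_names.append(value)
    return any(_name_matches(name, expected_fqdn) for name in dns_names)


def build_client_context(cafile=GATEWAY_CA_BUNDLE, ciphers=ASSUMED_CIPHERS):
    """Client context that aborts unless the peer chains to a trusted CA and names the host."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED   # peer must present a verifiable certificate
    ctx.check_hostname = True             # and it must be owned by the expected FQDN
    ctx.set_ciphers(ciphers)
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def connect_verified(fqdn, port=443, cafile=GATEWAY_CA_BUNDLE):
    """Open a TLS connection to fqdn; OpenSSL verifies the chain and name during the
    handshake, and peer_name_matches re-checks the presented certificate afterwards."""
    ctx = build_client_context(cafile)
    raw = socket.create_connection((fqdn, port))
    ssock = ctx.wrap_socket(raw, server_hostname=fqdn)
    if not peer_name_matches(ssock.getpeercert(), fqdn):
        ssock.close()
        raise ssl.CertificateError("peer certificate is not registered to " + fqdn)
    return ssock


if __name__ == "__main__":
    # Constructed certificate dict in the shape ssl.getpeercert() returns.
    sample_cert = {
        "subject": ((("commonName", "ssl.yourdomain.com"),),),
        "subjectAltName": (("DNS", "ssl.yourdomain.com"), ("DNS", "*.yourdomain.com")),
    }
    print("matches ssl.yourdomain.com:", peer_name_matches(sample_cert, "ssl.yourdomain.com"))
    print("matches evil.example.com:", peer_name_matches(sample_cert, "evil.example.com"))
    print("suites selected by", ASSUMED_CIPHERS, ":", expand_cipher_list(ASSUMED_CIPHERS))
```

Running expand_cipher_list on a candidate string before pasting it into the gateway's cipher field shows exactly which suites it admits; any name starting with ADH or AECDH in that output means anonymous key exchange is still enabled and the FQDN check above gives no protection against an interposed peer.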