Hardware manual

80-001113 SysLINK Administrator’s Guide Page 46
SSL Security Certificates
This page displays two sets of SSL certificates: the unit’s Identification Certificate and a list
of SSL peer and Certifying Authority certificates.
The SSL identification certificate identifies the unit to remote SSL peers. During initialization,
the unit checks to see if an identification certificate exists. If not, it automatically generates
one and keeps it secure.
The public key portion of this certificate can be used by remote SSL servers to uniquely
identify the unit. This is sometimes known as client-side SSL authentication. To configure
client-side authentication on your server, perform one of the following steps:
• Download the public key from the unit using the Download Public Key link and add
  it to your SSL server's list of trusted SSL peers.
• Use the Register/Install link to send the certificate to an HTTP server which supports
  registration.
All SSL identity certificates have a private key which must be kept secret in order to
guarantee SSL security. The unit's firmware protects this private key by hiding it in internal
memory and never letting its contents leave the device. However, note that debug versions
of firmware remove these protections. In order to maintain the security of past and future
SSL transactions, the private key is destroyed whenever switching from secure production
firmware to debug firmware, and vice versa.
If the private key is destroyed by new firmware, the unit will automatically create a new
identity certificate after reboot. This new certificate must then be re-registered with your SSL
server(s).
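
The sketch below is an added example, not code from the unit or from this guide. It shows a server-side list of trusted SSL peers that pins each unit's public key, and why a unit must be re-registered after a firmware switch destroys its key. It assumes the downloaded public key is a PEM file and that the TLS stack hands the presented key to the check as DER bytes; the names TrustedPeers, unit-01 and the sample key bytes are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample bytes standing in for one unit's DER public key before
# and after a firmware switch (assumption for illustration, not real keys).
OLD_KEY_DER = b"constructed-sample-public-key-before-firmware-switch"
NEW_KEY_DER = b"constructed-sample-public-key-after-firmware-switch"

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (assumed format of the downloaded file)."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN PUBLIC KEY-----\n" + body + "-----END PUBLIC KEY-----\n"

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor lines and decode the base64 body."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or "BEGIN" not in lines[0] or "END" not in lines[-1]:
        raise ValueError("not a PEM block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

class TrustedPeers:
    """Server-side list of trusted units: one pinned key digest per unit."""
    def __init__(self):
        self._pins = {}

    def register(self, unit_id: str, public_key_pem: str) -> str:
        """Pin (or re-pin) a unit's key and return its SHA-256 fingerprint."""
        digest = hashlib.sha256(pem_to_der(public_key_pem)).digest()
        self._pins[unit_id] = digest  # replaces any earlier pin for this unit
        return digest.hex()

    def is_trusted(self, unit_id: str, presented_key_der: bytes) -> bool:
        """Compare the presented key with the pin, in constant time."""
        pin = self._pins.get(unit_id)
        if pin is None:
            return False
        return hmac.compare_digest(pin, hashlib.sha256(presented_key_der).digest())

def firmware_switch_scenario():
    """Walk through registration, a firmware switch, and re-registration."""
    peers = TrustedPeers()
    peers.register("unit-01", to_pem(OLD_KEY_DER))
    before = peers.is_trusted("unit-01", OLD_KEY_DER)
    rejected = peers.is_trusted("unit-01", NEW_KEY_DER)  # new key, not yet registered
    peers.register("unit-01", to_pem(NEW_KEY_DER))       # re-registration
    after = peers.is_trusted("unit-01", NEW_KEY_DER)
    stale = peers.is_trusted("unit-01", OLD_KEY_DER)     # destroyed key is no longer accepted
    return before, rejected, after, stale
```

Re-registering replaces the old pin rather than adding a second one, so the destroyed key stops being accepted as soon as the new one is installed.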