Reference7:Certificate management: Difference between revisions

Line 44: Line 44:
'''Note: Certificates can only be trusted if they are valid (i.e. not expired).'''
'''Note: Certificates can only be trusted if they are valid (i.e. not expired).'''


=== Using this feature for easy certificate setup in small installations ===
=== Easy certificate setup in small installations ===
* Set up your devices without taking care for the trust list
* Set up your devices without taking care for the trust list
* Clear the list of rejected certificates
* Clear the list of rejected certificates

Revision as of 16:56, 27 March 2008

Supported features

File formats

There are two commonly used file formats for certificates:

  • DER (Distinguished Encoding Rules) is a binary encoding. A typical file extension would be .crt.
  • PEM (Personal E-Mail) uses only printable characters and therefore allows for easy use with e-mail.

Trust list

To establish a TLS connection, the certificate of the server or of the issuing CA must be trusted. Therefore each client maintains a list of trusted certificates.

Certificate trustlist GUI

Certificate details

Click the subject name to view the details of a trusted certificate.

Certificate details GUI

Installing a certificate from a file

  • Select a certificate file.
  • Press the "Upload" button.
  • Take a look at the certificate details and check whether the SHA1 and MD5 fingerprints match the values published by the certificate owner.

Installing a certificate that was rejected before

See section "Rejected certificates".

Removing certificates from the trust list

  • Select the items to remove using the check boxes and press the "Remove" button.
  • Open TLS connections using these certificates will not be closed.

Download

You can download a certificate from the trust list in PEM and DER format by clicking the corresponding link.

Rejected certificates

If certificate validation was unsuccessful, the reason is written to the error log. Additionally, the last 10 rejected certificates are cached for diagnostics.

Clearing the list

  • Press the "Clear" button.

Adding rejected certificates to the trust list

  • Check the certificate details and decide whether it should be trusted or not.
  • Select certificates using the checkboxes and press the "Trust" button.

Note: Certificates can only be trusted if they are valid (i.e. not expired).

Easy certificate setup in small installations

  • Set up your devices without taking care of the trust list
  • Clear the list of rejected certificates
  • Make a test run (Shouldn't work!)
  • Trust the rejected certificates
  • Make a test run again (Should work this time!)