Reference7:Certificate management

From innovaphone wiki
There are also other versions of this article available: Howto | Reference7 (this version) | Reference9 | Reference10 | Reference11r1

Supported certificates

File formats

  • DER (Distinguished Encoding Rules, Extensions .crt .cer .der)
  • PEM (Privacy-Enhanced Mail, Extension .pem)

Certificate versions

  • X.509 version 2
  • X.509 version 3

Certificate extensions

  • basicConstraints
  • keyUsage
  • extKeyUsage
  • subjectAltName

Note: Validation will fail if an unsupported extension is marked as critical.

Signing algorithms

  • sha1WithRSAEncryption
  • md5WithRSAEncryption

Trust list

This list contains the certificates that should be trusted by the device for TLS connections.

Certificate trustlist GUI

Certificate details

Click the subject name to view the details.

Certificate details GUI

Installing a certificate from a file

  • Select a file.
  • Press the "Upload" button.
  • Take a look at the certificate details and check whether the SHA1 and MD5 fingerprints match the values published by the owner.
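
The fingerprint comparison in the last step can also be done off the device before uploading. The following is an added example, not innovaphone code: it computes the SHA1 and MD5 fingerprints of a PEM or DER file with the Python standard library and compares them with published values. The function names and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def load_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate file given as PEM or DER."""
    m = PEM_RE.search(data)
    if m:
        # PEM is the base64 form of the DER encoding between the armor lines.
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if data[:1] != b"\x30":  # a DER certificate starts with a SEQUENCE tag
        raise ValueError("neither PEM nor DER certificate data")
    return data

def fingerprints(data: bytes) -> dict:
    """SHA1 and MD5 fingerprints (lowercase hex) over the DER encoding."""
    der = load_der(data)
    return {
        "sha1": hashlib.sha1(der).hexdigest(),
        # usedforsecurity=False lets this run on FIPS-restricted builds
        "md5": hashlib.new("md5", der, usedforsecurity=False).hexdigest(),
    }

def normalize(published: str) -> str:
    """Drop separators such as ':' or spaces and lowercase the hex string."""
    return re.sub(r"[\s:.-]", "", published).lower()

def matches_published(data: bytes, published: dict) -> bool:
    """True only if every published fingerprint equals the computed one."""
    computed = fingerprints(data)
    if not published or set(published) - set(computed):
        return False  # nothing to compare, or an algorithm not computed here
    return all(
        hmac.compare_digest(computed[k].encode(), normalize(v).encode())
        for k, v in published.items())

# Constructed stand-in bytes (not a real certificate) to exercise both formats.
SAMPLE_DER = bytes.fromhex("3082000a") + b"constructed"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, value in fingerprints(SAMPLE_PEM).items():
        print(name, value)
```

Because the fingerprint is taken over the DER bytes, the PEM and DER downloads of the same certificate yield identical values.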

Installing a certificate that was rejected before

See section "Rejected certificates".

Removing certificates from the trust list

  • Select the items to remove using the checkboxes and press the "Remove" button.
  • Open TLS connections that are using these certificates will not be closed.

Download

You can download a certificate from the trust list in PEM and DER format by clicking the corresponding link.

Rejected certificates

This list contains the last 10 certificates that were rejected.

Clearing the list

  • Press the "Clear" button.

Adding rejected certificates to the trust list

  • Check the certificate details and decide whether it should be trusted or not.
  • Select certificates using the checkboxes and press the "Trust" button.

Note: Certificates can only be trusted if they are valid (i.e. not expired).

Fast trust list setup in small installations

  • Set up your devices without configuring the trust list
  • Clear the list of rejected certificates
  • Make a test run (Shouldn't work!)
  • Trust the rejected certificates
  • Make a test run again (Should work this time!)