Reference7:Certificate management: Difference between revisions
Jump to navigation
Jump to search
Line 2: | Line 2: | ||
=== File formats === | === File formats === | ||
* DER (Distinguished Encoding Rules | * DER (Distinguished Encoding Rules, Extensions .crt .cer .der) | ||
* PEM (Personal E-Mail) | * PEM (Personal E-Mail, Extension .pem) | ||
=== Certificate versions === | === Certificate versions === |
Revision as of 19:08, 27 March 2008
Supported certificates
File formats
- DER (Distinguished Encoding Rules, Extensions .crt .cer .der)
- PEM (Personal E-Mail, Extension .pem)
Certificate versions
- X.509 version 2
- X.509 version 3
Certificate extensions
- basicConstraints
- keyUsage
- extKeyUsage
- subjectAltName
Note: Validation will fail, if an unsupported extension is marked as critical.
Signing algorithms
- sha1WithRSAEncryption
- md5WithRSAEncryption
Trust list
This list contains the certificates that should be trusted by the device for TLS connections.
Certificate details
Click the subject name to view the details.
Installing a certificate from a file
- Select a file.
- Press the "Upload" button.
- Take a look at the certificate details and check wheather the SHA1 and MD5 fingerprints match with the values published by the owner.
Installing a certificate that was rejected before
See section "Rejected certificates".
Removing certificates from the trust list
- Select the items to remove using the checkboxes and press the "Remove" button.
- Open TLS connections that are using these certificates will not be closed.
Download
You can download a certificate from the trust list in PEM and DER format by clicking the corresponding link.
Rejected certificates
This list contains the last 10 certificates that were rejected.
Clearing the list
- Press the "Clear" button.
Adding rejected certificates to the trust list
- Check the certificate details and decide wheather it should be trusted or not.
- Select certificates using the checkboxes and press the "Trust" button.
Note: Certificates can only be trusted if they are valid (i.e. not expired).
Easy certificate setup in small installations
- Set up your devices without taking care for the trust list
- Clear the list of rejected certificates
- Make a test run (Shouldn't work!)
- Trust the rejected certificates
- Make a test run again (Should work this time!)