Reference7:Certificate management: Difference between revisions
Revision as of 20:21, 27 March 2008
Supported certificates
File formats
- DER (Distinguished Encoding Rules, Extensions .crt .cer .der)
- PEM (Privacy-Enhanced Mail, Extension .pem)
Certificate versions
- X.509 version 2
- X.509 version 3
Certificate extensions
- basicConstraints
- keyUsage
- extKeyUsage
- subjectAltName
Note: Validation will fail if an unsupported extension is marked as critical.
Signing algorithms
- sha1WithRSAEncryption
- md5WithRSAEncryption
Trust list
This list contains the certificates that should be trusted by the device for TLS connections.
Certificate details
Click the subject name to view the details.
Installing a certificate from a file
- Select a file.
- Press the "Upload" button.
- Take a look at the certificate details and check whether the SHA1 and MD5 fingerprints match the values published by the owner.
Installing a certificate that was rejected before
See section "Rejected certificates".
Removing certificates from the trust list
- Select the items to remove using the checkboxes and press the "Remove" button.
- Open TLS connections that are using these certificates will not be closed.
Download
You can download a certificate from the trust list in PEM and DER format by clicking the corresponding link.
Rejected certificates
This list contains the last 10 certificates that were rejected.
Clearing the list
- Press the "Clear" button.
Adding rejected certificates to the trust list
- Check the certificate details and decide whether it should be trusted or not.
- Select certificates using the checkboxes and press the "Trust" button.
Note: Certificates can only be trusted if they are valid (i.e. not expired).
Fast trust list setup in small installations
- Set up your devices without taking care of the trust list
- Clear the list of rejected certificates
- Make a test run (Shouldn't work!)
- Trust the rejected certificates
- Make a test run again (Should work this time!)