®
USER’S GUIDE
Switched Rack PDU
129
Method 2: Use the APC Security Wizard to create a CA certificate and a
server certificate.
You use the APC Security Wizard to create two digital
certificates:
•A CA root certificate (Certificate Authority root certificate) that the APC
Security Wizard uses to sign all server certificates and which you then
install into the certificate store (cache) of the browser of each user who
needs access to the Rack PDU.
•A server certificate that you upload to the Rack PDU. When the APC
Security Wizard creates a server certificate, it uses the CA root
certificate to sign the server certificate.
The Web browser authenticates the Rack PDU sending or requesting data:
• To identify the Rack PDU, the browser uses the common name (IP
address or DNS name of the Rack PDU) that was specified in the
server certificate’s distinguished name when the certificate was
created.
• To confirm that the server certificate is signed by a “trusted” signing
authority, the browser compares the signature of the server certificate
with the signature in the root certificate cached in the browser. An
expiration date confirms whether the server certificate is current.
This method has the following advantages and disadvantages.
• Advantages:
– Before they are transmitted, the user name and password for Rack
PDU access and all data to and from the Rack PDU are encrypted.
– The length of the public key (RSA key) that is used for encryption
when setting up an SSL session is 1024 bits, providing more
complex encryption and consequently a higher level of security than
the public key used in Method 1. (This longer encryption key is also
used in Method 3.)