Filter
Top Products
Chapter 9: Security Management
234
SSL Certificates
The KX II uses the Secure Socket Layer (SSL) protocol for any
encrypted network traffic between itself and a connected client.
When establishing a connection, the KX II has to identify itself to a client
using a cryptographic certificate.
It is possible to generate a Certificate Signing Request (CSR) and install
a certificate signed by the Certificate Authority (CA) on the KX II.
The CA verifies the identity of the originator of the CSR.
The CA then returns a certificate containing its signature to the originator.
The certificate, bearing the signature of the well-known CA, is used to
vouch for the identity of the presenter of the certificate.
Important: Make sure your KX II date/time is set correctly.
When a self-signed certificate is created, the KX II date and time are
used to calculate the validity period. If the KX II date and time are not
accurate, the certificate's valid from - to date range may be incorrect,
causing certificate validation to fail. See Configuring Date/Time
Settings (on page 161).
Note: The CSR must be generated on the KX II.
Note: When upgrading firmware, the active certificate and CSR are not
replaced.
To create and install a SSL certificate:
1. Select Security > Certificate.
2. Complete the following fields:
a. Common name - The network name of the KX II once it is
installed on your network (usually the fully qualified domain
name). The common name is identical to the name used to
access the KX II with a web browser, but without the prefix
“http://”. In case the name given here and the actual network
name differ, the browser displays a security warning when the
KX II is accessed using HTTPS.
b. Organizational unit - This field is used for specifying to which
department within an organization the KX II belongs.
c. Organization - The name of the organization to which the KX II
belongs.
d. Locality/City - The city where the organization is located.
e. State/Province - The state or province where the organization is
located.