Certificate, Figure 33 certificate settings screen – Raritan Computer MCIP18 User Manual

38

M

ASTER

C

ONSOLE

IP

U

SER

G

UIDE

Certificate

Figure 33 Certificate Settings Screen

MCIP uses the Secure Socket Layer (SSL) protocol for encrypted network traffic between itself
and connected clients. While establishing the connection, MCIP exposes its identity to the client
using a cryptographic certificate. Upon delivery, this certificate and underlying secret key will not
match the network configuration applied to MCIP by its user. The certificate’s underlying secret
key is also used for securing the SSL handshake. This is a security risk, but you can generate and
install a new base 64 x.509 certificate unique for your particular MCIP.

To do so, command MCIP to generate a new cryptographic key and associated Certificate
Signing Request (CSR) to be certified by a certification authority (CA). A certification authority
verifies your (your system’s) identity and issues you a SSL certificate. To create and install an
SSL certificate for the MCIP, please follow the steps outlined below.

In the Certificate Signing Request panel, fill in the data indicated.
Type the MCIP unit’s network name (once installed in your network) in the Common name field.
This is usually the FQDN (fully qualified domain name), and is identical to the name used to
access MCIP with a web browser (without the http:// prefix). If the name here and the actual
network name differ, the browser will pop up a security warning when the MCIP is accessed
using HTTPS.

Type the department to which MCIP belongs in the Organizational unit field.

Type the name of the organization (company) to which the MCIP belongs in the Organization
field.

Type the city in which the organization is located in the Locality/City field.

Type the state or province in which the organization is located in the State/Province field.

Type the country in which the organization is located in the Country (ISO code) field. Use the
two-letter ISO code, for example, US for the U.S. or DE for Germany.

Some certification authorities require a challenge password to authorize later changes on the
certificate. Type a password of at least four characters in the Challenge password field.

Retype the challenge password in the Confirm Challenge password field for confirmation.

Type a contact person’s email address in the Email field. The contact person is a person
responsible for the MCIP and its security.

Click on the Key length drop-down arrow and choose the length of the generated key (in bits). A
key length of 1024 Bits should suffice in most cases; longer keys can result in slower response
time during connection establishment.

Click Create.