Appendix c: certificates, Default sx certificate authority settings, Install ca root for ie browsers – Raritan Computer SX User Manual

A

PPENDIX

C:

C

ERTIFICATES

177

Appendix C: Certificates

This appendix contains sections describing Certificates and Certificate Authority and provides
directions about how to:

• Install Dominion SX CA Certificate to a Browser Certificate

• Install SX Server Certificate for IE Browsers

• Install SX Server Certificate for Netscape Navigator

• Install a Third Party Root Certificate In Browsers

• **Generate a CSR for a Third Party CA to sign.

• **Install Third Party Certificate to SX.

• **Install Client Certificate root into the SX.

• **Install Client Certificate into Internet Explorer

• **Install Client Certificate into Netscape Navigator

A Certificate authority (CA) is an entity which issues digital certificates for use by
other parties. These certificates contain a public and private key pair as described in
standard cryptography references. There are many commercial CAs that charge for their
services; however, the Dominion SX acts as a free CA that generates its own certificates.
CA and certificates are part of highly available security technology that can be built into
browsers and web servers - in particular SSL. Browsers and Operating Systems come
with a pre-installed list of trusted Certification Authorities, known as the Trusted Root
CA store. The Dominion SX certificates can be added into a browser as Trusted CA.

Default SX Certificate Authority Settings

The Server Certificate generated in the Dominion SX unit must be installed in the browser in
order for the browser to trust the Server Certificate.
Each time you access an SSL-enabled Dominion SX unit, you see a New Site Certificate window.
You can accept this on a per-session basis or you can eliminate this window’s appearance by
accepting a session certificate permanently. The following steps will show how to install the SX
unit's certificate into the browser's certificate store.
These steps will have to be performed for each SX unit to be accessed for each client browser that
accesses the Dominion SX.

Install CA Root for IE Browsers

Each time you access an SSL-enabled Dominion SX unit, you see a New Site Certificate window.
Eliminate this window’s appearance by either accepting a session certificate permanently or by
installing the server certificate directly in your browser.

Accept a Certificate (Session-Based)

On initially connecting to a Dominion SX unit will be presented with a certificate warning screen.
This certificate by default will be signed by the local SX unit's CA as described above and you
will have to accept this certificate to continue. To eliminate the future appearance of this window
for this Dominion SX unit permanently, you must install the server certificate in your browser.
This procedure is described in the