Authenticating remote devices, Option 1: use an external certificate authority – Cobalt Co9992-4ENC-4K-HEVC Software-Defined Broadcast Encoder User Manual

Authenticating Remote Devices

The previous sections described how to set the credentials for the local device, which are
presented to the remote device at connection time. In other words, they are the answer to the
“who are you?” question.

The other side of the authentication is, upon reception of the credentials, to decide if the local
device is willing to communicate with the remote device. For Cobalt devices, the answer to this
question is “any device whose certificate has been signed by my trusted CA is allowed to
connect, unless explicitly banned”.

All Cobalt devices have a built-in CA, and by default will authenticate against this built-in CA.
This means that if you simply enable authentication in two Cobalt devices, they will fail to
communicate because each one is using its internal built-in CA credentials. They will need to
be configured with the proper CA and credentials. There are multiple options to do so,
described below.
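
The acceptance rule above can be reproduced off-device with OpenSSL. This is an added example, not taken from the Cobalt manual or firmware: the CA and device names are made up, and the fingerprint ban list is an assumed stand-in for however the device records banned certificates.

```shell
# Added demo: names (builtin-a, external-ca, dev-a, ...) and banned.txt are assumptions.
WORK=$(mktemp -d)

# make_ca NAME: create a self-signed CA key and certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert CA NAME: generate a key and CSR for NAME, then sign the CSR with CA.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.crt" 2>/dev/null
}

# fingerprint NAME: SHA-256 fingerprint line of NAME's certificate.
fingerprint() {
  openssl x509 -in "$WORK/$1.crt" -noout -fingerprint -sha256
}

# ban NAME: record NAME's certificate fingerprint in the ban list.
ban() { fingerprint "$1" >> "$WORK/banned.txt"; }

# admit TRUSTED_CA NAME: "signed by my trusted CA, unless explicitly banned".
admit() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1 \
    || { echo reject; return 0; }
  if grep -qxF "$(fingerprint "$2")" "$WORK/banned.txt" 2>/dev/null
  then echo banned; else echo accept; fi
}

# Two devices on factory defaults: each trusts only its own built-in CA.
make_ca builtin-a; make_ca builtin-b; make_ca external-ca
issue_cert builtin-a dev-a-factory   # A's default credentials
issue_cert external-ca dev-a         # A's credentials from the shared CA

echo "B trusts built-in CA, A sends factory cert:  $(admit builtin-b dev-a-factory)"
echo "B trusts external CA, A sends external cert: $(admit external-ca dev-a)"
ban dev-a
echo "same pair after A is banned:                 $(admit external-ca dev-a)"
```

The first case fails for the reason the manual gives: the signature is valid, but it chains to a CA the peer does not trust.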

Option 1: Use an External Certificate Authority

This is the most secure option, but it is also the most involved to set up. The steps are:

1. Create a Certificate Authority on a computer separate from the Cobalt devices, and
generate a CA Certificate. An example of how to do this can be found in the section
entitled “Creating a Certificate Authority with OpenSSL” later in this document.

Figure 7: Generating a CSR
