Figure 9, Own in figure 9 – Cobalt Co9992-4ENC-4K-HEVC Software-Defined Broadcast Encoder User Manual
Page 128
128
Option 2: Using one of the Cobalt Devices as the Certificate Authority
This is similar to Option 1, but instead of a separate CA, one of the Cobalt devices is used as the
CA. This option is less secure than Option since the CA is one of the devices participating in the
network. The steps are:
1.
Pick one of the Cobalt devices as the CA for your network. This device will be
configured to use the internal CA and internal credentials. The CA key for this device
MUST
be downloaded and backed up.
2.
Copy the CA certificate from the device chosen as the CA into all the other devices in the
network. Configure all other devices to use this CA certificate.
3.
Generate a CSR from each device in the network, have it signed by the CA device, and
install the resulting certificate back in the device. Cobalt devices working as a CA can
only sign certificates – client key generation is not supported.
Figure 10 illustrates the whole process.
Figure 9: Uploading an External CA Certificate
●●●●