Figure 14 – Cobalt Co9992-4ENC-4K-HEVC Software-Defined Broadcast Encoder User Manual

131

Provide the CSR file, fill in the desired certificate duration (the default is 5 years), provide the
device password, and click on the

Upload CSR

button. The CSR must be in PEM format and is

validated. If the CSR is valid, a certificate will be generated and a link to download it from the
device will be provided. The process of uploading a certificate back to the device was described
in the section entitled “Uploading Keys and Certificates”.

Option 3: Using the same CA Key in all Cobalt Devices

As with Option 2, one of the Cobalt devices is arbitrarily picked as the CA. The CA Key for this
device is downloaded and installed in all the other devices, so they all become copies of the same
CA. When a new CA Key is uploaded into the Cobalt device, it automatically re-generates its
internal certificates to match this key. In this mode, all devices use internal credentials and
internal CA, and this works because all the internal CAs are the same. This process is illustrated
in Figure 15. It is still recommended that key be backed up in a secure location.
As indicated before, uploading a key to a Cobalt device is done through DashBoard. It should be
noted that DashBoard can upload a file to multiple devices in parallel. This is a convenient way
to distribute a key to multiple devices. DashBoard will automatically show all compatible
devices to which the key can be uploaded.
This option is the least secure since a copy of the CA is in each device.

Figure 14: Signing a Certificate

●●●●