Figure 6-13: certificate settings – Freedom9 IP 800 User Manual

freeView IP 800 User’s Manual

58

6.4.4 Certificate

Figure 6-13: Certificate Settings

The freeView IP 800 uses the Secure Socket Layer (SSL) protocol for any encrypted network
traffic between itself and a connected client. During the connection establishment, the device has
to expose its identity to a client using a cryptographic certificate. By default, this certificate and
the underlying secret key is the same for all freeView IP 800’s and will not match the network
configuration that will the device is connected to. The certificate's underlying secret key is also
used for securing the SSL handshake. Hence, there is still a potential security risk when using
the default SSL certificate, but it is more secure than no encryption at all.

It is possible to generate and install a new certificate that is unique for a particular freeView IP
800. In order to do this, the freeView IP 800 can generate a new cryptographic key and the
associated Certificate Signing Request (CSR) that needs to be certified by a certification
authority (CA). A certification authority verifies that the device and identity are legitimate and
signs and issues a SSL certificate for the device.

The following steps are necessary to create and install a SSL certificate for the freeView IP 800:

• Create an SSL Certificate Signing Request using the panel shown in Figure 6-13. Complete

the fields on the page. The fields are explained below. Once completed, click on the “Create”
button which will initiate the Certificate Signing Request generation. The CSR can be
downloaded to the local machine with the “Download CSR” button (see Figure 6-14).

• Send the saved CSR to a CA for certification. Once the CA has completed their

authentication process, a new certificate will be issued for the device.