User’s guide, Battery management system – APC Battery Management System User Manual

®

USER’S GUIDE

Battery Management System

122

Method 2: Use the APC Security Wizard to create a CA certificate and a
server certificate.

You use the APC Security Wizard to create two digital

certificates:

• A CA root certificate (Certificate Authority root certificate) that the APC

Security Wizard uses to sign all server certificates and which you then
install into the certificate store (cache) of the browser of each user who
needs access to the Battery Management System.

• A server certificate that you upload to the Battery Management

System. When the APC Security Wizard creates a server certificate, it
uses the CA root certificate to sign the server certificate.

The Web browser authenticates the Management Card in the Battery
Management System master controller sending or requesting data:

• To identify the Management Card, the browser uses the common name

(IP address or DNS name of the Management Card) that was specified
in the server certificate’s distinguished name when the certificate was
created.

• To confirm that the server certificate is signed by a “trusted” signing

authority, the browser compares the signature of the server certificate
with the signature in the root certificate cached in the browser. An
expiration date confirms whether the server certificate is current.

This method has the following advantages and disadvantages.

•

Advantages:

– Before they are transmitted, the user name and password for

Management Card access and all data to and from the Management
Card are encrypted.