14 setting up ssl encryption -1, Web access parameters (text interface only) -1, 14 setting up ssl encryption – Western Telematic AFS-16-1 User Manual
Page 105
14-1
14 Setting Up SSL Encryption
This section describes the procedure for setting up a secure connection via an https
web connection to the AFS-16.
Note: SSL parameters cannot be defined via the Web Browser Interface.
In order to set up SSL encryption, you must contact the AFS-16 via the Text
Interface.
There are two different types of https security certificates: "Self Signed" certificates and
"Signed" certificates.
Self Signed certificates can be created by the AFS-16, without the need to go to an
outside service, and there is no need to set up your domain name server to recognize
the AFS-16. The principal disadvantage of Self Signed certificates, is that when you
access the AFS-16 command mode via the Web Browser Interface, the browser will
display a message which warns that the connection might be unsafe. Note however,
that even though this message is displayed, communication will still be encrypted, and
the message is merely a warning that the AFS-16 is not recognized and that you may
not be connecting to the site that you intended.
Signed certificates must be created via an outside security service (e.g., VeriSign
®
,
Thawte™, etc.) and then uploaded to the AFS-16 unit to verify the user's identity. In
order to use Signed certificates, you must contact an appropriate security service and
set up your domain name server to recognize the name that you will assign to the
AFS-16 unit (e.g., service.wti.com.) Once a signed certificate has been created and
uploaded to the AFS-16, you will then be able to access command mode without seeing
the warning message that is normally displayed for Self Signed certificate access.
WEB ACCESS:
HTTP:
1. Enable: On
2. Port: 80
HTTPS:
3. Enable: On
4. Port: 443
SSL Certificates:
5. Common Name:
6. State or Province:
7. Locality:
8. Country:
9. Email Address:
10. Organization Name:
11. Organizational Unit:
12. Create CSR: 15. Export Server Private Key:
13. View CSR: 16. Import Server Private Key:
14. Import CRT: 17. Harden Web Security: On
Enter: #<CR> to change,
<ESC> to return to previous menu ...
Figure 14.1: Web Access Parameters (Text Interface Only)