4 import your own certificate, Import your own certificate – Guntermann & Drunck UCON-IP-NEO Web Interface User Manual

Guntermann & Drunck GmbH

UCON-IP-NEO Web interface

Page

23

3.1.4

Import your own certificate

An SSL certificate is stored for the web server on the IP user module

for the

safe connection via SSL. If the name of the device in the certificate does not
match with the name in the UPR, a warning message appears in the browser.
The only option to remove this message is for the user or the administrator of
the IP user module

to import a certificate with the correct name. This can be

done via the web interface. Here, it should be ensured that



the certificate is a RSA certificate, and not a DSA certificate.



it is neither a Certificate Authority (CA) and nor a root certificate.

To create a certificate you can use the openssl program from the OpenSSL
package, which can be downloaded from http://www.openssl.org/.
As an example the commands are:

1. Create private key: openssl genrsa -out server.key 2048
2. Create certificate request: openssl req -new -key server.key -out

server.csr

3. Sign: openssl x509 -req -days 60 -in server.csr -signkey server.key -

out server.crt

During the creation, some entries such as company, name, email address etc.
are requested that the creator may enter at will. The DNS name or the IP
address of the IP user module

should be entered as Common name.

At the end of the process, 3 files were created: server.crt, server.csr and
server.key. The content of

server.crt is entered in the WebIF into the

certificate field

and the content of the server key is entered into the Key field.

Note:

The contents of the

server.crt and server.key have to be entered in the

respective fields because the certificate can otherwise not be copied
successfully.