Difference between revisions of "TLS Certificates LV Demo"
(7 intermediate revisions by the same user not shown) | |||
Line 15: | Line 15: | ||
</ul> | </ul> | ||
− | ====Certificate Authority (CA) Certificate | + | ====Generation of Certificate Authority (CA) Certificate and Key==== |
---- | ---- | ||
The first step is to generate a Certificate Authority (CA) certificate, which will be used to sign both server and client certificates. | The first step is to generate a Certificate Authority (CA) certificate, which will be used to sign both server and client certificates. | ||
Line 40: | Line 40: | ||
# | # | ||
− | ====Server | + | ====Generation of Server Certificate and Key==== |
---- | ---- | ||
A server certificate, signed by a trusted Certificate Authority (CA), is used to authenticate the server and facilitate secure, encrypted communications with clients. Generating a server certificate follows similar steps to those for creating a CA certificate. | A server certificate, signed by a trusted Certificate Authority (CA), is used to authenticate the server and facilitate secure, encrypted communications with clients. Generating a server certificate follows similar steps to those for creating a CA certificate. | ||
Line 47: | Line 47: | ||
#Select '''Key Size''' | #Select '''Key Size''' | ||
#Enter '''Common Name''' of the '''Server''' | #Enter '''Common Name''' of the '''Server''' | ||
− | # | + | #'''Subject Information''' of the server(Optional) |
#Select the "'''On'''" option next to "'''Sign the Certificate'''". | #Select the "'''On'''" option next to "'''Sign the Certificate'''". | ||
#Define how long the certificate will be '''valid'''. | #Define how long the certificate will be '''valid'''. | ||
#The system should automatically detect the CA certificate and key files from "Certificates Manager" tab. | #The system should automatically detect the CA certificate and key files from "Certificates Manager" tab. | ||
− | # | + | #"'''Delete Signing Request'''" (Optional) |
− | #Click generate | + | #Click [[File:Tls certificates generate button.png|62px]] button |
+ | [[File:Tls certificates server gen p1.png|border|class=tlt-border|860px]] | ||
===Computer=== | ===Computer=== |
Revision as of 12:30, 12 September 2024
Main Page > FAQ > Security > TLS Certificates LV DemoSummary
Some services (such as OpenVPN, MQTT, etc.) on Teltonika Networks devices can be secured using TLS for encryption and authentication. This page discusses where one can obtain TLS certificates and key for this purpose.
Certificate generation
If you are using a third party service that requires TLS, all necessary files should be provided by the provider of that service. However, if you are setting up your own solution you may find use in of the TLS certificate generation methods described below.
Teltonika Networks device
The easiest way to generate certificates and keys is by using the Certificate Generation page that is available in the device's WebUI:
- System → Administration → Certificates
Generation of Certificate Authority (CA) Certificate and Key
The first step is to generate a Certificate Authority (CA) certificate, which will be used to sign both server and client certificates.
- Choose the file type as CA.
- On Teltonika routers, users can select from four Key Size options, ranging from 512 bits to 4096 bits.
- Enter the Common Name. This usually represents the fully qualified domain name (FQDN) of the server (e.g., example.com), but it can be any name of your choice.
- By enabling Subject Information, you can provide details about the entity to which the certificate is issued (Optional):
- A. Country Code (CC): The two-letter country code (e.g., LT for Lithuania).
- B. State or Province Name (ST): The name of the state or province (e.g., California).
- C. Locality Name (L): The city or locality (e.g., San Francisco).
- D. Organization Name (O): The name of the organization or company (e.g., Teltonika).
- E. Organizational Unit Name (OU): The name of the department or unit within the organization (e.g., IT Department).
- These fields help to clearly identify the organization or individual associated with the certificate.
- Select the "On" option next to "Sign the Certificate." If not enabled, the Root CA will not sign or generate the new CA.
- Enter the period of how long CA certificate will be valid
- "Delete Signing Request" can be enabled, as it is not required after generation.
- Click button
Generation of Server Certificate and Key
A server certificate, signed by a trusted Certificate Authority (CA), is used to authenticate the server and facilitate secure, encrypted communications with clients. Generating a server certificate follows similar steps to those for creating a CA certificate.
- Select Server file type.
- Select Key Size
- Enter Common Name of the Server
- Subject Information of the server(Optional)
- Select the "On" option next to "Sign the Certificate".
- Define how long the certificate will be valid.
- The system should automatically detect the CA certificate and key files from "Certificates Manager" tab.
- "Delete Signing Request" (Optional)
- Click button
Computer
You can also use third party software to generate the certificates on your computer. Guides are available for: