TLS Certificates: Difference between revisions

(16 intermediate revisions by the same user not shown)

Line 54:

----

A server certificate, signed by a trusted Certificate Authority (CA), is used to authenticate the server and facilitate secure, encrypted communications with clients. Generating a server certificate follows similar steps to those for creating a CA certificate.

~~The first step is to generate a Certificate Authority (CA) certificate, which will be used to sign both server and client certificates.~~

#Click on the '''Certificate actions''' button.

#Select the '''Create''' option

Line 70:

Line 68:

#The system should automatically detect the CA certificate and key files from "Certificates Manager" tab.

#"'''Delete Signing Request'''" (Optional)

#Click the [[File:Tls certificates rutos create certificate ca create button.png|~~62px~~]] button

#Click the [[File:Tls certificates rutos create certificate ca create button.png|58px]] button

[[File:Tls certificates rutos create server certificate ca pt1.png|border]]

Line 78:

Line 76:

A client certificate, signed by a trusted Certificate Authority (CA), is used to authenticate the client and facilitate secure, encrypted communications with other clients and servers. Generating a client certificate follows similar steps to those for creating a CA certificate.

#Select '''Client''' file type.

#Click on the '''Certificate actions''' button.

#Select the '''Create''' option

[[File:Tls certificates rutos create certificate.png|border]]

#<li value="3">Select '''Client''' file type.

#Select '''Key Size'''

#Enter '''Common Name''' of the Client

Line 87:

Line 90:

#"'''Delete Signing Request'''" (Optional)

#"'''Private Key Decryption password'''" (Optional)

#Click [[File:Tls certificates ~~generate~~ button.png|~~62px~~]] button

#Click the [[File:Tls certificates rutos create certificate ca create button.png|58px]] button

[[File:Tls certificates client.png|~~border|class=tlt-~~border]]

[[File:Tls certificates rutos create client certificate ca pt1.png|border]]

====Generation of DH Parameters====

Line 94:

Line 97:

The '''DH parameters''' refers to the parameters used in the Diffie-Hellman key exchange. This cryptographic protocol allows two parties to generate a shared secret over an untrusted communication channel securely. In practical use, such as with VPNs, TLS/SSL, or routers, DH parameters are used to securely generate session keys for encrypting data. Generating a DH Parameters follows similar steps:

#Select '''DH Parameters''' file type.

The first step is to generate a Certificate Authority (CA) certificate, which will be used to sign both server and client certificates.

#Click on the '''Certificate actions''' button.

#Select the '''Create''' option

[[File:Tls certificates rutos create certificate.png|border]]

#<li value="3">Select '''DH Parameters''' file type.

#Select '''Key Size'''

#Enter '''Common Name'''

#Click [[File:Tls certificates ~~generate~~ button.png|~~62px~~]] button

#Click the [[File:Tls certificates rutos create certificate ca create button.png|58px]] button

[[File:Tls certificates dh.png|~~border|class=tlt-~~border]]

[[File:Tls certificates rutos create dh certificate pt1.png|border]]

====Generation of "Let's Encrypt" Certificate & Key====

Line 104:

Line 113:

Let's Encrypt provides free SSL/TLS certificates that are widely used for securing web services, VPNs, and other network communications. In practical use, such as with websites, routers, or VPNs, the Let's Encrypt certificate and key enable HTTPS connections or secure tunnels. Generating a Let's Encrypt certificate and key follows similar steps:

#Select the "'''Let's Encrypt'''" file type.

#Click on the '''Certificate actions''' button.

#Enter the '''Domain''' name ~~of the remote server associated with~~ the public IP.

#Select the '''Create''' option

[[File:Tls certificates rutos create certificate.png|border]]

#<li value="3">Select the "'''Let's Encrypt'''" file type.

#Enter the '''Domain''' name that is linked to the device's e public IP address.

#Enable '''Automatic renewal''' if you'd like the certificates to be automatically renewed every 60 days (Optional).

#Click [[File:Tls certificates ~~generate~~ button.png|~~62px~~]] button

#Click the [[File:Tls certificates rutos create certificate ca create button.png|58px]] button

[[File:Tls certificates lets encrypt.png|~~border|class=tlt-~~border]]

[[File:Tls certificates rutos create lets encrypt certificate pt1.png|border]]

====Generation of SCEP Certificate & Key====

----

SCEP (Simple Certificate Enrollment Protocol) automates the process of obtaining digital certificates from a certificate authority (CA). The client submits a certificate request to the SCEP server, which acts as an intermediary between the client and the CA. This protocol facilitates secure authentication and encryption, simplifying certificate management and renewal, especially in large-scale deployments.

#Select '''SCEP''' as the '''File type'''

#Click on the '''Certificate actions''' button.

#Select the '''Create''' option

[[File:Tls certificates rutos create certificate.png|border]]

#<li value="3">Select '''SCEP''' as the '''File type'''

#Select '''Key Size'''

#Enter the '''Common name'''

#Enter URL address of the SCEP server

#Enter the '''Challenge''' passkey (the unique value generated by the server for each session)

#Click ~~'''Enroll''' to initiate~~ certificate ~~request~~

#Click the [[File:Tls certificates rutos create certificate ca create button.png|58px]] button

[[File:Tls certificates scep ~~gen~~.png|~~border|class=tlt-~~border]]

[[File:Tls certificates rutos create scep certificate pt1.png|border]]

===Windows & Linux systems===