Changes

no edit summary
Line 774: Line 774:  
     <li><b>DH Parameters</b> - generates a Diffie-Hellman (DH) parameters file. DH parameters are used in symmetric encryption to protect and define how OpenSSL key exchange is performed.</li>
 
     <li><b>DH Parameters</b> - generates a Diffie-Hellman (DH) parameters file. DH parameters are used in symmetric encryption to protect and define how OpenSSL key exchange is performed.</li>
 
     <li><b>Let's encrypt</b> - generates SSL certificate.</li>
 
     <li><b>Let's encrypt</b> - generates SSL certificate.</li>
 +
    <li><b>SCEP</b> - generates SCEP (Simple Certificate Enrollment Protocol) certificate.</li>
 
</ol>
 
</ol>
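Review bot: The added list item says SCEP "generates SCEP (Simple Certificate Enrollment Protocol) certificate", but SCEP is an enrollment protocol, not a certificate type. The device produces a key and a request, and the certificate is issued by the CA behind the SCEP server. Suggest wording along the lines of "requests a certificate from a CA server using SCEP (Simple Certificate Enrollment Protocol)", which also matches the "SCEP server URL" field added in the later hunk.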
   Line 782: Line 783:  
<b>Simple file parameters</b>
 
<b>Simple file parameters</b>
   −
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_simple_parameters.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_simple_parameters_v1.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 804: Line 805:  
<b>TLS parameters</b> or simply parameters that apply to each (CA, Server, Client, DH) file type are the size and common name of the generated file(s).
 
<b>TLS parameters</b> or simply parameters that apply to each (CA, Server, Client, DH) file type are the size and common name of the generated file(s).
   −
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_core_parameters_v1.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_core_parameters_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 826: Line 827:  
<b>Subject information</b> is not mandatory but can be used as user-friendly way to identify the ownership of certificate files by including such information as the owner's location and company name.
 
<b>Subject information</b> is not mandatory but can be used as user-friendly way to identify the ownership of certificate files by including such information as the owner's location and company name.
   −
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_subject_information_v1.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_subject_information_v2.png|border|class=tlt-border]]
 
----
 
----
 
The <b>Sign the certificate</b> slider control whether the certificate will be signed automatically or manually after the generation is complete.
 
The <b>Sign the certificate</b> slider control whether the certificate will be signed automatically or manually after the generation is complete.
   −
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_sign_the_certificate_v1.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_sign_the_certificate_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 862: Line 863:  
A <b>Private Key Decryption Password</b> is a parameter used to decrypt private keys protected by a password.
 
A <b>Private Key Decryption Password</b> is a parameter used to decrypt private keys protected by a password.
   −
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_private_key_decryption_password_v1.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_private_key_decryption_password_v2.png|border|class=tlt-border]]
 +
----
 +
<b>Let's encrypt</b> - This section provides an overview of the parameters used to generate SSL certificates.
 +
----
 +
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_lets_encrypt.png|border|class=tlt-border]]
 +
 
 +
<table class="nd-mantable">
 +
    <tr>
 +
        <th>Field</th>
 +
      <th>Value</th>
 +
      <th>Description</th>
 +
    </tr>
 +
    <tr>
 +
      <td>Domain</td>
 +
      <td>domain name; default: <b>none</b></td>
 +
      <td>Hostname that is linked to the device's public IP address.</td>
 +
    </tr>
 +
    <tr>
 +
      <td>Automatically renew</td>
 +
      <td>off {{!}} on; default: <b>off</b></td>
 +
      <td>Certificates will be automatically renewed every 60 days.</td>
 +
    </tr>
 +
</table>
 +
----
 +
<b>SCEP</b> - This section provides an overview of the parameters used to create certificates for the Simple Certificate Enrollment Protocol.
 +
----
 +
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_scep.png|border|class=tlt-border]]
 +
 
 +
<table class="nd-mantable">
 +
    <tr>
 +
        <th>Field</th>
 +
      <th>Value</th>
 +
      <th>Description</th>
 +
    </tr>
 +
    <tr>
 +
      <td>Key Size</td>
 +
      <td>512 {{!}} 1024 {{!}} 2048 {{!}} 4096 {{!}} ; default: <b>none</b></td>
 +
      <td>Certificate key size.</td>
 +
    </tr>
 +
    <tr>
 +
      <td>Common name</td>
 +
      <td>string; default: <b>none</b></td>
 +
      <td>Common name of the certificate.</td>
 +
    </tr>
 +
    <tr>
 +
      <td>SCEP server URL</td>
 +
      <td>url; default: <b>none</b></td>
 +
      <td>URL of the SCEP server.</td>
 +
    </tr>
 +
    <tr>
 +
      <td>Challenge</td>
 +
      <td>string; default: <b>none</b></td>
 +
      <td>It's recommended to use a high-entropy shared-secret authentication string, such as a base64-encoded key from EAP or DNP3-SA protocols, for the initial SCEP certificate generation.</td>
 +
    </tr>
 +
</table>
    
====Certificate Signing====
 
====Certificate Signing====
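Review bot: In the SCEP table, the Key Size row offers 512 and 1024 alongside 2048 and 4096 with "default: none", and its description is only "Certificate key size.", so nothing steers the reader away from key sizes generally considered too weak. Add a recommended minimum (2048) to the description, and drop the dangling "{{!}} ;" at the end of the value list. The Challenge description gives advice on choosing a value but never says what the field is. State first that it is the challenge password shared with the SCEP server to authorize the enrollment request, and reword or drop the "base64-encoded key from EAP or DNP3-SA protocols" clause, which reads as if key material from other protocols should be reused here. Minor: the "Let's encrypt" and "SCEP" intro lines sit between two "----" rules, and the first <th> in both new tables is indented differently from the other two.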
