Line 774: |
Line 774: |
| <li><b>DH Parameters</b> - generates a Diffie-Hellman (DH) parameters file. DH parameters are used in symmetric encryption to protect and define how OpenSSL key exchange is performed.</li> | | <li><b>DH Parameters</b> - generates a Diffie-Hellman (DH) parameters file. DH parameters are used in symmetric encryption to protect and define how OpenSSL key exchange is performed.</li> |
| <li><b>Let's encrypt</b> - generates SSL certificate.</li> | | <li><b>Let's encrypt</b> - generates SSL certificate.</li> |
| + | <li><b>SCEP</b> - generates SCEP (Simple Certificate Enrollment Protocol) certificate.</li> |
| </ol> | | </ol> |
| | | |
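Review bot: The added SCEP list item says it "generates SCEP (Simple Certificate Enrollment Protocol) certificate", but the SCEP parameter table added later in this change takes a SCEP server URL and a Challenge, so the certificate is enrolled through a server rather than generated locally like the other file types in this list. Suggest wording along the lines of "requests a certificate from a SCEP server", and capitalising the neighbouring item as "Let's Encrypt" while this list is being touched.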
Line 782: |
Line 783: |
| <b>Simple file parameters</b> | | <b>Simple file parameters</b> |
| | | |
− | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_simple_parameters.png|border|class=tlt-border]] | + | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_simple_parameters_v1.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 804: |
Line 805: |
| <b>TLS parameters</b> or simply parameters that apply to each (CA, Server, Client, DH) file type are the size and common name of the generated file(s). | | <b>TLS parameters</b> or simply parameters that apply to each (CA, Server, Client, DH) file type are the size and common name of the generated file(s). |
| | | |
− | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_core_parameters_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_core_parameters_v2.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 826: |
Line 827: |
| <b>Subject information</b> is not mandatory but can be used as user-friendly way to identify the ownership of certificate files by including such information as the owner's location and company name. | | <b>Subject information</b> is not mandatory but can be used as user-friendly way to identify the ownership of certificate files by including such information as the owner's location and company name. |
| | | |
− | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_subject_information_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_subject_information_v2.png|border|class=tlt-border]] |
| ---- | | ---- |
| The <b>Sign the certificate</b> slider control whether the certificate will be signed automatically or manually after the generation is complete. | | The <b>Sign the certificate</b> slider control whether the certificate will be signed automatically or manually after the generation is complete. |
| | | |
− | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_sign_the_certificate_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_sign_the_certificate_v2.png|border|class=tlt-border]] |
| | | |
| <table class="nd-mantable"> | | <table class="nd-mantable"> |
Line 862: |
Line 863: |
| A <b>Private Key Decryption Password</b> is a parameter used to decrypt private keys protected by a password. | | A <b>Private Key Decryption Password</b> is a parameter used to decrypt private keys protected by a password. |
| | | |
− | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_private_key_decryption_password_v1.png|border|class=tlt-border]] | + | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_private_key_decryption_password_v2.png|border|class=tlt-border]] |
| + | ---- |
| + | <b>Let's encrypt</b> - This section provides an overview of the parameters used to generate SSL certificates. |
| + | ---- |
| + | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_lets_encrypt.png|border|class=tlt-border]] |
| + | |
| + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Field</th> |
| + | <th>Value</th> |
| + | <th>Description</th> |
| + | </tr> |
| + | <tr> |
| + | <td>Domain</td> |
| + | <td>domain name; default: <b>none</b></td> |
| + | <td>Hostname that is linked to the device's public IP address.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Automatically renew</td> |
| + | <td>off {{!}} on; default: <b>off</b></td> |
| + | <td>Certificates will be automatically renewed every 60 days.</td> |
| + | </tr> |
| + | </table> |
| + | ---- |
| + | <b>SCEP</b> - This section provides an overview of the parameters used to create certificates for the Simple Certificate Enrollment Protocol. |
| + | ---- |
| + | [[File:Networking_rutos_manual_administartion_certificates_certificates_generation_scep.png|border|class=tlt-border]] |
| + | |
| + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Field</th> |
| + | <th>Value</th> |
| + | <th>Description</th> |
| + | </tr> |
| + | <tr> |
| + | <td>Key Size</td> |
| + | <td>512 {{!}} 1024 {{!}} 2048 {{!}} 4096 {{!}} ; default: <b>none</b></td> |
| + | <td>Certificate key size.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Common name</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td>Common name of the certificate.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>SCEP server URL</td> |
| + | <td>url; default: <b>none</b></td> |
| + | <td>URL of the SCEP server.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Challenge</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td>It's recommended to use a high-entropy shared-secret authentication string, such as a base64-encoded key from EAP or DNP3-SA protocols, for the initial SCEP certificate generation.</td> |
| + | </tr> |
| + | </table> |
| | | |
| ====Certificate Signing==== | | ====Certificate Signing==== |
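Review bot: In the SCEP table, the Key Size row lists 512 and 1024 next to 2048 and 4096 with "default: none" and no guidance; if these are RSA key lengths, the description should tell the reader to pick 2048 or larger, or the short sizes should be dropped from the documented values. The same cell ends in a stray "{{!}} ;" that will render as an empty option before "default". The Challenge description gives only a recommendation and never says what the field is; state first that it is the shared secret presented to the SCEP server during enrollment, then give the entropy advice, and reconsider the "EAP or DNP3-SA" reference, which the row does not explain. On style, the new Let's encrypt and SCEP headings are each wrapped in "----" above and below, while the earlier sections in this diff place the image directly under the bold heading.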