Template:Networking rutos manual administration: Difference between revisions

no edit summary
No edit summary
Line 774: Line 774:
     <li><b>DH Parameters</b> - generates a Diffie-Hellman (DH) parameters file. DH parameters are used in symmetric encryption to protect and define how OpenSSL key exchange is performed.</li>
     <li><b>DH Parameters</b> - generates a Diffie-Hellman (DH) parameters file. DH parameters are used in symmetric encryption to protect and define how OpenSSL key exchange is performed.</li>
     <li><b>Let's encrypt</b> - generates SSL certificate.</li>
     <li><b>Let's encrypt</b> - generates SSL certificate.</li>
    <li><b>SCEP</b> - generates SCEP (Simple Certificate Enrollment Protocol) certificate.</li>
</ol>
</ol>


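Review bot: The added SCEP list item describes the option as "generates SCEP (Simple Certificate Enrollment Protocol) certificate", but SCEP is an enrollment protocol rather than a certificate type, and the parameters added further down (SCEP server URL, Challenge) show that the device requests the certificate from a server. Suggest wording such as "<b>SCEP</b> - requests a certificate from a SCEP (Simple Certificate Enrollment Protocol) server." The new <li> is also indented one space less than its neighbours. While this list is being edited, the unchanged DH Parameters item says DH parameters are "used in symmetric encryption"; Diffie-Hellman is a key exchange method, so that sentence is worth correcting in the same revision.
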
Line 782: Line 783:
<b>Simple file parameters</b>
<b>Simple file parameters</b>


[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_simple_parameters.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_simple_parameters_v1.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 804: Line 805:
<b>TLS parameters</b> or simply parameters that apply to each (CA, Server, Client, DH) file type are the size and common name of the generated file(s).
<b>TLS parameters</b> or simply parameters that apply to each (CA, Server, Client, DH) file type are the size and common name of the generated file(s).


[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_core_parameters_v1.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_core_parameters_v2.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 826: Line 827:
<b>Subject information</b> is not mandatory but can be used as user-friendly way to identify the ownership of certificate files by including such information as the owner's location and company name.
<b>Subject information</b> is not mandatory but can be used as user-friendly way to identify the ownership of certificate files by including such information as the owner's location and company name.


[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_subject_information_v1.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_subject_information_v2.png|border|class=tlt-border]]
----
----
The <b>Sign the certificate</b> slider control whether the certificate will be signed automatically or manually after the generation is complete.
The <b>Sign the certificate</b> slider control whether the certificate will be signed automatically or manually after the generation is complete.


[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_sign_the_certificate_v1.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_sign_the_certificate_v2.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 862: Line 863:
A <b>Private Key Decryption Password</b> is a parameter used to decrypt private keys protected by a password.
A <b>Private Key Decryption Password</b> is a parameter used to decrypt private keys protected by a password.


[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_private_key_decryption_password_v1.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_private_key_decryption_password_v2.png|border|class=tlt-border]]
----
<b>Let's encrypt</b> - This section provides an overview of the parameters used to generate SSL certificates.
----
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_lets_encrypt.png|border|class=tlt-border]]
 
<table class="nd-mantable">
    <tr>
        <th>Field</th>
      <th>Value</th>
      <th>Description</th>
    </tr>
    <tr>
      <td>Domain</td>
      <td>domain name; default: <b>none</b></td>
      <td>Hostname that is linked to the device's public IP address.</td>
    </tr>
    <tr>
      <td>Automatically renew</td>
      <td>off {{!}} on; default: <b>off</b></td>
      <td>Certificates will be automatically renewed every 60 days.</td>
    </tr>
</table>
----
<b>SCEP</b> - This section provides an overview of the parameters used to create certificates for the Simple Certificate Enrollment Protocol.
----
[[File:Networking_rutos_manual_administartion_certificates_certificates_generation_scep.png|border|class=tlt-border]]
 
<table class="nd-mantable">
    <tr>
        <th>Field</th>
      <th>Value</th>
      <th>Description</th>
    </tr>
    <tr>
      <td>Key Size</td>
      <td>512 {{!}} 1024 {{!}} 2048 {{!}} 4096 {{!}} ; default: <b>none</b></td>
      <td>Certificate key size.</td>
    </tr>
    <tr>
      <td>Common name</td>
      <td>string; default: <b>none</b></td>
      <td>Common name of the certificate.</td>
    </tr>
    <tr>
      <td>SCEP server URL</td>
      <td>url; default: <b>none</b></td>
      <td>URL of the SCEP server.</td>
    </tr>
    <tr>
      <td>Challenge</td>
      <td>string; default: <b>none</b></td>
      <td>It's recommended to use a high-entropy shared-secret authentication string, such as a base64-encoded key from EAP or DNP3-SA protocols, for the initial SCEP certificate generation.</td>
    </tr>
</table>


====Certificate Signing====
====Certificate Signing====
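
Review bot: In the new SCEP table, the Key Size row lists 512 and 1024 next to 2048 and 4096 with "default: none" and no guidance; if these are RSA key sizes, 512 and 1024 bits are too short for a certificate key, so the description should recommend 2048 or larger, or the short sizes should be marked as legacy. The same cell ends with a stray separator ("4096 {{!}} ; default"). The Challenge row gives advice ("a base64-encoded key from EAP or DNP3-SA protocols") without first saying what the field is; start with a plain definition, for example that it is the shared secret the SCEP server uses to authenticate the enrollment request, and then give the high-entropy recommendation. In the Let's encrypt part, the intro says the parameters are "used to generate SSL certificates" but does not say what the device needs for issuance beyond the Domain row's "Hostname that is linked to the device's public IP address"; a sentence on that requirement would help. Both new section intros are wrapped in "----" rules above and below, which differs from how the earlier bold section intros on this page are laid out.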