Software
Crestron e-Control®
The CA-signed certificate is an ASCII “base64” encoded text (*.CER) file, which the
2-Series processor converts to a binary file called \\SYS\srv_cert.der. As a part of the
CSR process, a private key is also created as \\SYS\srv_key.der. It is extremely
important to back up the private key, as it is unique to each CSR. If the private key is
lost, the certificate is useless and it would be necessary to begin the enrollment
process all over again.
Here is a description of an SSL transaction:
1. The browser sends a request for an SSL session to the Web server.
2. The Web server sends the browser its digital certificate. The certificate
contains information about the server, including the server’s public key.
3. The browser verifies that the certificate is valid and that a trusted CA issued
it.
4. The browser generates a “master secret” that is encrypted using the server’s
public key and sent to the Web server.
5. The Web server decrypts the master secret using the server’s private key.
6. Now that both the browser and the Web server have the same master secret,
they use this master secret to create keys for the encryption and MAC
(message authentication code) algorithms used in the bulk-data process of
SSL. Since both participants used the same master secret, they now have the
same encryption and MAC keys.
7. The browser and Web server use the SSL encryption and authentication
algorithms to create an encrypted tunnel. Through this encrypted tunnel, they
can pass data securely through the network.
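The sketch below is an added example, not code from the Crestron guide or firmware. It illustrates step 6: both sides expand the same master secret into identical encryption and MAC keys. It assumes the TLS 1.2 PRF (RFC 5246) as a stand-in, since the guide does not say which protocol version the processor negotiates. The key sizes, the client/server random values, and the simplified record MAC are also assumptions.

```python
import hashlib
import hmac
import os

MAC_KEY_LEN = 32   # assumed: HMAC-SHA256 MAC keys
ENC_KEY_LEN = 16   # assumed: 128-bit bulk-cipher keys

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed), truncated to `length` bytes."""
    seed = label + seed
    a = seed                                               # A(0)
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()   # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_keys(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Expand the master secret into per-direction MAC and encryption keys."""
    total = 2 * MAC_KEY_LEN + 2 * ENC_KEY_LEN
    block = prf(master_secret, b"key expansion", server_random + client_random, total)
    layout = [("client_mac", MAC_KEY_LEN), ("server_mac", MAC_KEY_LEN),
              ("client_enc", ENC_KEY_LEN), ("server_enc", ENC_KEY_LEN)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def record_mac(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Simplified record MAC over sequence number + payload (real TLS also covers the header)."""
    return hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def demo() -> bool:
    # Constructed sample values; in a real handshake the randoms travel in the hello messages.
    master = os.urandom(48)
    c_rand, s_rand = os.urandom(32), os.urandom(32)
    browser = derive_keys(master, c_rand, s_rand)   # computed by the browser
    server = derive_keys(master, c_rand, s_rand)    # computed independently by the Web server
    tag = record_mac(browser["client_mac"], 0, b"GET / HTTP/1.1")
    # The server recomputes the MAC with its own copy of the key and compares in constant time.
    return hmac.compare_digest(tag, record_mac(server["client_mac"], 0, b"GET / HTTP/1.1"))

if __name__ == "__main__":
    print("server accepts browser's MAC:", demo())
```

Neither side ever transmits the derived keys; only the master secret (encrypted under the server's public key) and the random values cross the network.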
Though the authentication and encryption process may seem involved, the user
generally does not even know it is taking place. However, the user will be able to tell
when the secure tunnel has been established since most SSL-enabled Web browsers
will display a small closed lock at the bottom (or top) of their screen when the
connection is secure. Users can also identify secure Web sites by looking at the Web
site address; a secure Web site’s address will begin with https:// rather than the usual
http://. The Web server listens for a secure connection on the well-known port 443.
Crestron e-Control® Reference Guide – DOC. 6052