NTI Secure Remote Power Reboot Switch
48
X509 Certificate
The IPDU-Sx is pre-loaded with a generic X509 Server Certificate. If you wish to provide your own X509 Server certificate, the
Server certificate must be uploaded to the ENVIROMUX. The Server certificate and key must be combined in a single file (“PEM”
format).
Browse
to the Server certificate file and select it. Then load using the button “
Upload Server Certificate and key
”.
Note: The key used should not be password protected.
X509 Client Authentication
In addition to Local and LDAP client authentication, X509 client authentication is also available. In order to use X509 client
certificate authentication, select "
Certi Login
" for the mode setting (Figure 50). X509 client certificate authentication
requires the user to present client certification (this happens behind the scenes when you enter the https IP address, before you
are presented with a “Login” screen). For this to work:
1. A client certificate signed by a Certifying Authority (CA) must be loaded into the user’s browser.
2. Use “
Choose File
” and browse to the CA certificate (file with “.crt” extension) and select it.
3. Click on the “
Upload CA certificate
” button and load the CA certificate to the ENVIROMUX.
Note: The user will need to login after the X509 client certificate is validated.
The “
Restore default certificate
” button will restore the unit’s default self-signed certificates if needed.
Whether you are just loading your own Server Certificate, or also using client authentication
,
reboot the IPDU-Sx for this
certificate to take effect.
Figure 51- Security Configuration-X509 Certificate and Login Alerts
Note: HTTP access can be enabled/disabled from web page under Administration -> Network -> Server Settings -> Enable
HTTP (page 35). Do not disable http access until you verify certificate verification works properly for https connection.
HTTP connection will allow you to change any settings if a wrong certificate is uploaded. Once HTTPS client certificate
validation is verified to be working properly, disable HTTP access for security.