8/16-Port KVM over IP Switch
72 / 92
6.6.4 Certificate
Figure 6-28. Certificate Settings
The IP-KVM switch uses the Secure Socket Layer (SSL) protocol for any encrypted network
traffic between itself and a connected client. During the connection establishment the IP-KVM
switch has to expose its identity to a client using a cryptographic certificate. The default
certificate comes with IP-KVM device upon delivery is for testing purpose only. System
administrator should not rely on this default certificate as the secured global access
mechanism through Internet.
However, it is possible to generate and install a new base64 X.509 certificate that is unique
for a particular IP-KVM switch. In order to do that, the IP-KVM switch is able to generate a
new cryptographic key and the associated Certificate Signing Request (CSR) that needs to
be certified by a certification authority (CA). A certification authority verifies that you are the
person who you claim you are, and signs and issues a SSL certificate to you.
The following steps are necessary to create and install a SSL certificate for the IP-KVM
switch:
• Create a SSL Certificate Signing Request using the panel shown in Figure 6-28. You need
to fill out a number of fields that are explained below. Once this is done, click on the button
“Create” which will initiate the Certificate Signing Request generation. The CSR can be
downloaded to your administration machine with the “Download CSR” button (see Figure
6-29).
• Send the saved CSR string to a CA for certification. You will get the new certificate from the
CA after a more or less complicated traditional authentication process (depending on the
CA).
• Upload the certificate to the IP-KVM switch using the “Upload” button as shown in Figure
6-29
.
