133
Digital Certificate Management
With SSL enabled (from the Connectivity / Protocols / HTTP selections of the Properties tab of Internet
Services), and a digital certificate installed, remote users accessing the system over an HTTP-based
interface are assured of having their network communications protected against eavesdropping and
tampering, using strong encryption. The only action required by the workstation user is to type https://,
followed by the IP address (or fully qualified domain name) of the system, into the Address or URL box of
the web browser. The subsequent acceptance of a Digital Certificate completes the exchange of the Public
Key enabling the encryption process to proceed.
1.
Open your Web browser and enter the TCP/IP address of the machine in the Address or Location field.
Press [Enter].
2.
Click the [Properties] tab.
3.
Enter the Administrator User name and password if prompted. The default is [admin] and [1111].
4.
Click the symbol to the left of [Security].
5.
Select [Machine Digital Certificate Management] in the directory tree.
Creating a Digital Certificate
Note: SSL cannot be implemented until a digital certificate is installed on the system.
1.
Click [Create New Certificate].
2.
Select either Self Signed Certificate or Certificate Signing Request.
Note: A self-signed certificate is inherently less secure than installing a certificate signed by a trusted,
third party Certificate Authority (CA). However, specifying a self-signed certificate is the easiest way to
start using SSL. A self-signed certificate is also the only option if your company does not have a Server
functioning as a Certificate Authority (Windows 2000 running Certificate Services, for example), or
does not wish to use a third party CA.
3.
Click [Continue].
4.
If you selected Self Signed Certificate, fill out the form with your 2 Letter Country Code, State/Province
Name, Locality Name, Organization Name, Organization Unit, E-mail Address, and Days of Validity.
5.
Click [Apply] to continue. Values from the form will be used to establish a self-signed certificate, and
you will be returned to the main page.
6.
If you selected Certificate Signing Request, fill out the form with your 2 Letter Country Code, State/
Province Name, Locality Name, Organization Name, Organization Unit, and E-mail Address.
7.
Click [Apply] to continue. Values from the form will be used to generate a Certificate Signing Request.
8.
When the process is complete, you will be prompted to save the Certificate Signing Request. Right
click on the link and select Save Target As.
9.
Save the Certificate to your hard drive and send it to a Trusted Certificate Authority.
10. When a signed certificate is received back from the Trusted Certificate Authority, select Trusted
Certificate Authorities in the Security directory tree of the Internet Services Properties tab.
11. Click Add.
12. Click Browse to locate the signed certificate from the Trusted Certificate Authority.
13. Click Upload Certificate Authority.