Functions
Certificate Management
[Figure: decision flow. "EC key?" (device or external), then "Certificate?" (self-signed certificate; CSR generated, CA-signed certificate; external generated, CA-signed certificate). Result: valid combination of EC key and certificate.]
Figure 34: Key and certificate combination
EC key
The first decision is whether to use the key preinstalled on the device or an external key. This
decision usually depends on company guidelines. The key preinstalled in the
device complies with ABB's minimum cyber security requirements. According to this, the key
is unique and the private part is not read out. However, some companies need to use their
own keys, and this is supported by the EDS500 managed switches. How to upload keys to the
device is described in the next chapter.
At this point it should be mentioned that the key, especially the private part, must never be
transmitted over an insecure connection. This should also be avoided over supposedly secure
connections.
ADVICE
Private keys must be protected against access by third parties under all circumstances.
The device EC key is not deleted when using an external EC key. It remains in the device, but is
inactive.
Certificate
Certificates can be generated in the device based on the current EC key. As soon as the device
has a valid EC key (external or device), it automatically generates a valid self-signed
certificate. This certificate can be downloaded and added to the browser in use.
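The following is an added example, not part of the original manual and not a device command: it uses OpenSSL on an administration workstation to check that a certificate and an EC key form a valid combination, and that a downloaded certificate is self-signed, before it is trusted in a browser. The file names, the subject names and the curve (prime256v1) are assumptions, and the key pairs are constructed lab data.

```shell
#!/bin/sh
# Added example: lab files only; names, subjects and the curve are assumptions.
umask 077   # key files created below are readable by their owner only

# Succeeds only if certificate $1 carries the public half of private key $2.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds if certificate $1 chains to itself, i.e. it is self-signed.
# A CA-signed certificate fails here because its issuer is not in the file.
is_self_signed() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Prints the SHA-256 fingerprint of certificate $1, to be compared over a
# separate channel before the certificate is added to a browser.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Creates a constructed EC key and self-signed certificate: $1 = dir, $2 = name.
make_lab_pair() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$1/$2.key" 2>/dev/null &&
    openssl req -new -x509 -key "$1/$2.key" -subj "/CN=$2.example" \
        -days 30 -out "$1/$2.crt" 2>/dev/null
}

WORK=$(mktemp -d)
make_lab_pair "$WORK" switch-a
make_lab_pair "$WORK" switch-b

if cert_matches_key "$WORK/switch-a.crt" "$WORK/switch-a.key"; then
    echo "switch-a.crt + switch-a.key: valid combination"
fi
if ! cert_matches_key "$WORK/switch-a.crt" "$WORK/switch-b.key"; then
    echo "switch-a.crt + switch-b.key: mismatch, do not upload together"
fi
if is_self_signed "$WORK/switch-a.crt"; then
    echo "self-signed, SHA-256: $(cert_fingerprint "$WORK/switch-a.crt")"
fi
rm -rf "$WORK"
```
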
1KGT151021
V000 1