Crestron
e-Control
®
Software
Crestron’s implementation of SSL is based on OpenSSL (
0.9.6a. The encryption algorithms and the key lengths supported in the 2-Series
processor are as follows:
Name
Type
Session key lengths (bits)
DES Symmetric 56
3DES Symmetric 168
RC2 Symmetric 128
RC4 Symmetric 128
DH Asymmetric
512
RSA Asymmetric
512
SSL-enabled clients and servers confirm each other’s identities using
digital
certificates
. Digital certificates are issued by trusted third-party enterprises called
Certificate Authorities, or CAs. From the certificate, the sender can verify the
recipient's claimed identity and recover their public key. By validating digital
certificates, both parties can ensure that an imposter has not intercepted a
transmission and provided a false public key for which they have the correct private
key.
A CA-signed certificate provides several important capabilities for a Web server:
•
Browsers will automatically recognize the certificate and allow a secure
connection to be made, without prompting the user. (If a browser encounters
a certificate whose authorizing CA is not in its list of trusted CAs, the
browser will prompt the user to accept or decline the connection.)
•
When a CA issues a signed certificate, they are guaranteeing the identity of
the organization that is providing the Web pages to the browser.
Alternatively,
self-signed certificates
can be generated for secure Web servers, but
self-signed certificates do not provide the same functionality as CA-signed
certificates. Browsers will not automatically recognize a self-signed certificate; and a
self-signed certificate does not provide any guarantee concerning the identity of the
organization that is providing the server.
In addition, handshaking is much faster in the case of CA-signed certificates because
the process of creating private/public keys is CPU intensive. With self-signed
certificates, these keys are created at every instance of a handshake, whereas with
CA-signed certificates the keys are already loaded. A CA-signed certificate thus
provides many important capabilities for a secure server.
There are various Certificate Authorities, notable among them being Thawte and
Verisign. For a fee, a CA investigates the organization hosting the server and issues a
certificate vouching for the identity of the server. The procedure for
obtaining/enrolling for a CA-signed certificate varies with each CA and is described
on their Web sites. However, all CAs require a CSR, or
C
ertificate
S
igning
R
equest.
The CSR can be copied and pasted to the online enrollment form or sent via e-mail to
the CA, along with any other pertinent information the CA requires. The CA then
issues the certificate, usually via e-mail. The Crestron Viewport provides all the
certificate management tools necessary to generate a CSR and upload the certificate
to the 2-series processor.
Reference Guide – DOC. 6052
Crestron e-Control®
•
13
Содержание e-Control
Страница 1: ...Crestron e Control Reference Guide...
Страница 62: ...Software Crestron e Control 58 Crestron e Control Reference Guide DOC 6052...
Страница 63: ...Crestron e Control Software Reference Guide DOC 6052 Crestron e Control 59...
Страница 71: ...Crestron e Control Software This page intentionally left blank Reference Guide DOC 6052 Crestron e Control 67...
Страница 72: ......
Страница 73: ...Crestron e Control Software This page intentionally left blank Reference Guide DOC 6052 Crestron e Control 69...