Daxten LARA, Руководство пользователя, Страница: 70 / 89

58 CHAPTER 5. USAGE
Table 5.18 – continued from previous page
Parameter Description
Deleting a rule Enter the rule number and press ‘Delete’.
5.5.11. SSL Certificate Management
LARA uses the SSL
5
protocol for any encrypted network traffic between itself and a connected
client. During connection establishment, LARA has to expose its identity to a client using a
cryptographic certificate. Upon delivery, this certificate is the same for all LARAs ever produced
and certainly won’t match the network configurations that will be applied to the card by its user.
The certificate’s underlying secrete (private) key is also used for securing the SSL handshake. Hence,
this is a security risk (but far better than no encryption at all).
Table 5.19.: Certificate request required information
Parameter Description
Common name This is the network name of LARA once it is installed in the
user’s network (usually the fully qualified domain name). It is
identical to the name that is used to access the card with a Web
browser (without the ‘http://’ prefix). In case the name given
here and the actual network name differ, the browser will pop
up a security warning when the card is accessed over HTTPS.
Organizational unit This field is used for specifying to which department within an
organization LARA belongs.
Organization The name of the organization to which LARA belongs.
Locality/City The city where the organization is located.
State/Province The state or province where the organization is located.
Country The country where the organization is located. This is the two-
letter ISO code, e.g. DE for Germany or US for the USA.
Challenge Password Some certification authorities require a challenge password to
authorize later changes on the certificate (e.g. revocation of the
certificate). The minimal length of this password is 4 characters.
Confirm Challenge Pass-
word Confirmation of the Challenge Password
Email The email address of a security contact person that is responsible
for LARA.
Key length This is the length of the generated key in bits. 1024 Bits are
supposed be sufficient for most cases. Larger keys may result in
slower response time of LARA during connection establishment.
However, it is possible to generate and install a new certificate that is unique for a particular card.
In order to do that, LARA is able to generate a new cryptographic key and the associated so called
Certificate Signing Request that needs to be certified by a so called certification authority (CA).
A certification authority verifies that you are who you claim you are and signs and issues a SSL
certificate to you.
The following steps are necessary to create and install an LARA SSL certificate:
1. Create a SSL Certificate Signing Request using the panel shown in Figure 5.33 on the facing
page (Security Settings
→
SSL Settings
→
Create your own SSL certificate). You need to fill
5
SSL — Secure Socket Layer