60
Expert Net Control 2302
© 2021 GUDE Systems GmbH
Specifications
·
or use of the Firefox browser
·
or use of ECC 256 (no RSA) certificates
·
or configure to "TLS v1.2 only
Creating your own Certificates
The SSL stack is supplied with a specially newly generated self-signed certificate. There is no
function to generate the local certificate anew at the touch of a button, since the required ran-
dom numbers in an embedded device are usually not independent enough. However, you can
create new certificates and import them to the device. The server accepts RSA (2048/4096)
and ECC (Elliptic Curve Cryptography) certificates.
Usually OpenSSL is used to create an SSL certificate. For Windows for example, there is the
light version of
. There you open a command prompt, change to the
directory "C:\OpenSSL-Win32\bin" and set these environment variables:
set openssl_conf=C:\OpenSSL-Win32\bin\openssl.cfg
set RANDFILE=C:\OpenSSL-Win32\bin\.rnd
Here are some examples for the generation with OpenSSL:
Creation of a self-signed RSA 2048-bit certificate
openssl genrsa -out server.key 2048
openssl req -new -x509 -days 365 -key server.key -out server.crt
RSA 2048-bit certificate with Sign Request:
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl req -x509 -days 365 -key server.key -in server.csr -out server.crt
The server keys should be created with "openssl genrsa". The Gude device pro-
cesses keys in the traditional PKCS#1 format. This can be recognized by the fact that
the generated key file starts with "-----BEGIN RSA PRIVATE KEY-----". If the file starts
with "-----BEGIN PRIVATE KEY-----", the file is in PKCS#8 format and the key is not re-
cognized. If you have only a key in PKCS#8 format, you can convert it to PKCS#1 with
openssl: "
openssl rsa -in pkcs8.key -out pkcs1.key
".
ECC Certificate with Sign Request:
openssl ecparam -genkey -name prime256v1 -out server.key
openssl req -new -key server.key -out server.csr
openssl req -x509 -days 365 -key server.key -in server.csr -out server.crt
If you have created your key and certificate, both files are concatenated to one file:
Linux:
cat server.crt server.key > server.pem
Windows:
copy server.crt + server.key server.pem
The created server.pem can only be uploaded in the maintenance section of the
device.
Содержание Expert Net Control 2302
Страница 1: ...Manual Expert Net Control 2302 2021 GUDE Systems GmbH Manual Ver 1 3 0 from Firmware Ver 1 3 ...
Страница 2: ...2 Expert Net Control 2302 2021 GUDE Systems GmbH ...
Страница 5: ...Device Description ...
Страница 13: ...Operating ...
Страница 23: ...Configuration ...
Страница 51: ...Specifications ...
Страница 82: ...Support ...
Страница 88: ...88 Expert Net Control 2302 2021 GUDE Systems GmbH Expert Net Control 2302 2021 GUDE Systems GmbH 11 18 2021 ...