Configuration and startup
3785_en_B
PHOENIX CONTACT
23
4.6.2
Security
The GW EIP/ASCII... includes several security options for data encryption and device
authentication. It is possible to configure the GW EIP/ASCII.... so that only authorized client
applications can connect using SSL/TLS. For secure operation, the GW EIP/ASCII... uses
a set of four keys and certificates. These keys and certificates are configurable.
To configure security settings:
1.
From the “LAN Settings” page, click the “Security” tab.
Figure 4-5
“LAN Settings/Security” page
2.
Configure the GW EIP/ASCII... so that only authorized client applications can connect
using SSL/TLS.
For secure operation, the GW EIP/ASCII... uses a set of four keys and certificates.
These keys and certificates may be configured.
RSA Key pair used by SSL and SSH servers:
This is a private/public key pair that is
used for two purposes:
–
It is used by some cipher suites to encrypt the SSL/TLS handshaking messages.
Possession of the private portion of this key pair allows an eavesdropper to decrypt
traffic on SSL/TLS connections that use RSA encryption during handshaking.
–
It is used to sign the RSA server certificate in order to verify that the
GW EIP/ASCII... is authorized to use the RSA server identity certificate.
If the RSA server key is to be replaced, a corresponding RSA identity certificate must
also be generated and uploaded, or clients cannot verify the identity certificate.
RSA Server Certificate used by SSL servers
: This is the RSA identity certificate that
the GW EIP/ASCII... uses during SSL/TLS handshaking to identify itself. It is used most
frequently by SSL server code in the GW EIP/ASCII... when clients open connections
to the GW EIP/ASCII... secure web server or other secure TCP ports. If a
GW EIP/ASCII... serial port configuration is set up to open (as a client) a TCP
connection to another server device, the GW EIP/ASCII... also uses this certificate to
identify itself as an SSL client if requested by the server.
In order to function properly, this certificate must be signed using the RSA server key.
This means that the RSA server certificate and RSA server key must be replaced as a
pair.
Possession of the private portion of this key pair allows others to pose as the
GW EIP/ASCII....
Содержание 2702772
Страница 1: ...User manual UM EN GW EIP ASCII Protocol converter for ASCII to EtherNet IP...
Страница 6: ...GW EIP ASCII 4 PHOENIX CONTACT 3785_en_B...
Страница 14: ...GW EIP ASCII 12 PHOENIX CONTACT 3785_en_B...
Страница 52: ...GW EIP ASCII 50 PHOENIX CONTACT 3785_en_B...
Страница 82: ...GW EIP ASCII 80 PHOENIX CONTACT 3785_en_B...