Chapter 6. Menu Options
Certificate
Figure 6-29. Certificate Settings
The ASMI module uses the Secure Socket Layer (SSL) protocol for any encrypted network traffic
between itself and a connected client. During the connection establishment the ASMI module has to
expose its identity to a client using a cryptographic certificate. After delivery this certificate and the
underlying secret key is the same for all ASMI module ever produced and certainly will not match the
network configuration that will be applied to the ASMI module cards by its user. The certificate’s
underlying secret key is also used for securing the SSL handshake. Hence, this is a security risk (but far
better than no encryption at all).
However, it is possible to generate and install a new base64 x.509 certificate that is unique for a
particular ASMI module card. In order to do that, the ASMI module is able to generate a new
cryptographic key and the associated Certificate Signing Request (CSR) that needs to be certified by a
certification authority (CA). A certification authority verifies that you are the person who you claim to be
and signs and issues the SSL certificate to you.
To create and install an SSL certificate for the ASMI module the following steps are necessary:
71