Lantronix EMG 8500 EMG User Guide - Page 158
8: Services

Certificate fingerprints may be required by applications interfacing with the SNMP applications of EMG when TLS is used. EMG displays the SHA1 and SHA256 fingerprints of the certificate authority and certificate files when they are uploaded into EMG. The fingerprint of the client certificate must also be configured when authenticating the EMG agent with a client or tool that queries the agent.

For information about generating a certificate authority (or root) file, agent (or server) certificate and key, and client certificate and key with OpenSSL, see Creating a Certificate.

We recommend setting the message digest used when creating the certificates to SHA1 or SHA256, depending on the level of security required. When EMG is in FIPS mode, only certificates with a message digest of SHA256 or higher are allowed. To set the message digest used by OpenSSL, in step (1b) of the instructions referenced above, change default in the line below in openssl.cnf to either sha1 or sha256.

    default_md = default # use public key default MD

To configure TLS v3 (over TCP):

1. Click the Services tab and select SNMP. The SNMP page appears.
2. In the Version 3 TLS (over TCP) section, enter the following:

   Client Certificate Fingerprint
      Enter the SHA1 or SHA256 fingerprint of the certificate used by the client or tool that queries the EMG agent. For example, a SHA256 fingerprint is a string of 59 characters: D9:E5:DD:11:58:D2:DF:E0:D9:99:AE:A3:DB:57:24:21:A7:0A:20:5A

   Certificate-Username Mapping / String
      EMG requires a mapping from a field in the certificate used by the client or tool that queries the EMG agent to an SNMP v3 user name used internally by the EMG. This provides an extra layer of security to verify the client's identity. The EMG extracts the designated field from the certificate and matches it with what is specified in String. Select among the following fields in the client certificate:

      - User Name: The SNMP v3 user name. It does not need to be a field in the certificate.
      - E-mail Address: The email address mentioned in the subjectAltName field of the certificate.
      - FQDN: The DNS name mentioned in the subjectAltName field of the certificate. For example, abc.lantronix.com.
      - IP Address: The IP address mentioned in the subjectAltName field of the certificate. For example, 10.0.1.150.
      - Common Name: The common name mentioned in the certificate. For example, "EMG" or "John Smith". By default, this option is selected.
      - Any: Indicates that any of the subjectAltName fields in the certificate can be used.

      For example, if the common name in the certificate is "John Smith", select Common Name for Certificate-Username Mapping, and then enter John Smith in the String field.

   Certificate Authority
      Indicates the Certificate Authority used by the agent certificate and the client/traps certificate.

      Note: The certificate authority, agent certificate and client/traps certificate can be viewed by clicking the View link for the associated filename. The view also displays the SHA1 and SHA256 fingerprints of the certificate. All certificate files can be deleted by clicking the Delete Certificate Files check box.

   Certificate File for Agent
      The certificate file for the EMG agent.

3. To save, click Apply.
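The value for Client Certificate Fingerprint can be computed from the client's PEM file before it is typed into the SNMP page, and checked afterwards against the fingerprint EMG displays. The following is an added example, not part of the Lantronix guide; the function names and SAMPLE_PEM (constructed placeholder bytes, not a real certificate) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re
import ssl

# Constructed stand-in: 64 placeholder bytes in a PEM wrapper, not a real
# certificate. A fingerprint is a hash over the DER bytes, so the steps are
# the same for a real client certificate file.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(bytes(range(64))).decode()
              + "-----END CERTIFICATE-----\n")

ALGOS = ("sha1", "sha256")  # the two fingerprint types the EMG page shows


def fingerprint(pem: str, algo: str = "sha256") -> str:
    """Return the fingerprint of a PEM certificate as 'D9:E5:...'."""
    if algo not in ALGOS:
        raise ValueError(f"unsupported digest: {algo}")
    der = ssl.PEM_cert_to_DER_cert(pem)  # strip the PEM armor, base64-decode
    return hashlib.new(algo, der).digest().hex(":").upper()


def normalize(fp: str) -> str:
    """Accept 'd9e5..', 'd9 e5 ..' or 'D9:E5:..'; return 'D9:E5:..'."""
    digits = re.sub(r"[\s:]", "", fp).upper()
    if not re.fullmatch(r"(?:[0-9A-F]{2})+", digits):
        raise ValueError("fingerprint must be an even number of hex digits")
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))


def algo_of(fp: str) -> str:
    """Identify the digest from the number of bytes in the fingerprint."""
    nbytes = (len(normalize(fp)) + 1) // 3
    for algo in ALGOS:
        if hashlib.new(algo).digest_size == nbytes:
            return algo
    raise ValueError("length matches neither SHA1 nor SHA256")


def matches(pem: str, configured: str) -> bool:
    """True if the configured fingerprint belongs to this certificate."""
    want = normalize(configured)
    return hmac.compare_digest(fingerprint(pem, algo_of(want)), want)
```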