Lantronix PremierWave 2050 User Guide - Page 57



7: Administration
CSR (Certificate Signing Request)

The PremierWave 2050 module uses the Secure Socket Layer (SSL) protocol for any encrypted network traffic between itself and a connected client. During connection establishment, the PremierWave 2050 module has to identify itself to the client using a cryptographic certificate. Upon leaving the factory, this certificate and its underlying secret key are the same for all PremierWave 2050 modules and will not match the network configuration where the module is installed. The certificate's underlying secret key is also used for securing the SSL handshake. Leaving the default certificate unmodified is all right in most circumstances; replacing it is necessary only if the network facility is vulnerable to man-in-the-middle attack.

It is possible to generate and install a new base64-encoded X.509 certificate that is unique to a particular PremierWave 2050 module. The PremierWave 2050 module is able to generate a new cryptographic key and the associated Certificate Signing Request (CSR), which needs to be certified by a certification authority (CA).

To create and install an SSL certificate, perform the following steps.

1. Click Administration > CSR (Certificate Signing Request). The Certificate Signing Request page displays.
2. Modify the following fields:

Table 7-12 SSL CSR (Certificate Signing Request)

| Field | Description |
|---|---|
| Country (2 Letter code) | The country where the organization is located. This is the two-letter ISO code (e.g., US for the United States). |
| State/Province | The state or province where the organization is located. |
| Locality (City) | The city where the organization is located. |
| Organization | The name of the organization to which the PremierWave 2050 module belongs. |
| Organization Unit | The department within the organization to which the PremierWave 2050 module belongs. |
| Common Name | The network name of the PremierWave 2050 module once it is installed in the user's network (usually the fully qualified domain name). It is identical to the name that is used to access the PremierWave 2050 module with a web browser, without the prefix http://. If the name given here and the actual network name differ, the browser will display a security warning when the PremierWave 2050 module is accessed using HTTPS. |
| Key length | Select the key length. |

3. Click Create to initiate the Certificate Signing Request generation. Download the CSR by clicking Download. The Download button displays when a certificate is created. Send the saved CSR to a CA for certification.
4. Click Upload to upload the signed certificate from the computer to the PremierWave 2050 module. The PremierWave 2050 module now has its own certificate used for identifying itself to its clients.
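
Checks a workstation can run around steps 3 and 4, as an added example that is not part of the Lantronix guide: confirm that the downloaded CSR carries the intended Common Name and key length before sending it to the CA, and confirm that the returned certificate certifies the same public key before uploading it. The file names, the host name `pw2050.example.com` and the test CA are constructed; the sample CSR is generated locally with the `openssl` CLI to stand in for the module's download.

```shell
#!/usr/bin/env bash
# Added example: workstation-side checks for steps 3 and 4 (requires the openssl CLI).

# check_csr FILE EXPECTED_CN MIN_BITS -> 0 if the CSR is fit to send to the CA
check_csr() {
  local csr=$1 want_cn=$2 min_bits=$3 cn bits
  # The CSR's self-signature shows the requester holds the matching private key.
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
    { echo "CSR signature does not verify"; return 1; }
  # Common Name must equal the name clients will use to reach the module.
  cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= *//p')
  [ "$cn" = "$want_cn" ] || { echo "Common Name '$cn' != '$want_cn'"; return 1; }
  # Key length as selected in the CSR form.
  bits=$(openssl req -in "$csr" -noout -text |
         sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
  [ "${bits:-0}" -ge "$min_bits" ] || { echo "key is ${bits:-?} bits"; return 1; }
}

# cert_matches_csr CERT CSR -> 0 if the CA certified the key the module generated
cert_matches_csr() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl req -in "$2" -noout -pubkey)" ]
}

# make_samples DIR: constructed stand-ins for the module's CSR and the CA's reply
make_samples() {
  local d=$1
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/module.key" -out "$d/module.csr" \
    -subj "/C=US/ST=CA/L=Irvine/O=Example Corp/OU=Lab/CN=pw2050.example.com" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.crt" \
    -subj "/CN=Constructed Test CA" -days 1 2>/dev/null
  openssl x509 -req -in "$d/module.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/module.crt" -days 1 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_csr "$demo_dir/module.csr" pw2050.example.com 2048 && echo "CSR ok"
cert_matches_csr "$demo_dir/module.crt" "$demo_dir/module.csr" &&
  echo "certificate matches CSR"
```

With real files, call `check_csr` on the CSR saved from the Download button and `cert_matches_csr` on the CA's reply before clicking Upload.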