Manual: System Settings → Certificate Management

Certificate Management


Through the CradlePoint administration pages you now have the ability to create, manage, sign, and import/export X.509 certificates – frequently referred to as SSL certificates – under Network Settings → Certificate Management. Our implementation integrates an OpenSSL toolkit solution. It includes the ability to create your own CA certificates and self-signed certificates.

For background information on digital certificates, see the following Wikipedia articles:

Digital certificates have multiple possible uses in a CradlePoint networking setup. For example, a digital certificate is a much more secure option for VPN tunnel authentication than a pre-shared key.

Go to the following sections for more information about specific certificate management options:

Not all Certificate Management options displayed here are currently available via the Enterprise Cloud Manager configuration pages.

Create Certificates

Complete the following fields to create certificates locally, including CA (certificate authority) certificates.

To create local certificates without sending signature requests to a third-party CA, first create a CA certificate with this interface and then create additional certificates that you sign with your CA:

  • Step 1: Create a CA certificate. In the Issuer section select Set as CA certificate.
  • Step 2: Create additional certificates. In the Issuer section select Sign with CA certificate and then select the CA certificate you created in step 1 from the dropdown list.

General Description

  • Name: Choose a name meaningful to you.

Issuer

  • Set as CA certificate: Select if the certificate you are creating is intended to be a CA.
  • Sign with CA certificate: Select to sign this certificate with a CA you created previously.
    • Certificate Name: Select your CA certificate from the dropdown list of local certificates.

Subject

  • Country Name: 2-letter country code (e.g., AU, UK, US)
  • State or Province Name: The name of your state or region
  • Local Name: Generally the city or town
  • Organization Name: Company name
  • Organization Unit: Company division name
  • Common Name: Must be unique; if used for authentication, this must match the configured Common Name (CN) on the third-party authenticator
  • Email Address

Validity

  • Days: Input the number of days the certificate should remain valid (999 days maximum).

Public Key Algorithm

  • Type: Select one of the following:
  • Digest: The following cryptographic hash functions are listed in order of increasing security. More security requires more router resources.
  • Bits: A greater bit size is more secure, but requires more router resources. Some devices do not support 2048 bits, so ensure compatibility.
    • 1024
    • 2048

Certificate Signing Request

Request a certificate signature from a remote CA. Using an established, third-party CA increases the likelihood that your certificate will be trusted by others (see security issues for self-signed certificates for more information).

Generate a certificate signing request (CSR) by selecting a certificate from the dropdown list (Name field) and downloading the CSR. The CSR can then be sent to a remote CA for a signature. Once the certificate has been signed, import the certificate in PEM or PKCS #12 format.

When you export the CSR, select a Digest, or cryptographic hash function. These are listed in order of increasing security. More security requires more router resources.

Local Certificates

This is a table of local certificates, including certificate details.

Remove a local certificate by selecting the certificate and clicking the Remove button.

  • Name: Friendly description of the certificate.
  • Country: (C) The certificate owner’s country of residence.
  • State or Province: (ST) The certificate owner’s state or province of residence.
  • Location: (L) The certificate issuer’s locality (city, town, etc.).
  • Org.: (O) The organization to which the certificate issuer belongs.
  • Org. Unit: (OU) The name of the organizational unit to which the certificate issuer belongs.
  • Common Name: (CN) Name used to match authentication credentials.

Import/Export PEM Format Certificates

PEM is a container format for encoding data – in this case, X.509 certificates. PEM was originally designed for encoding email (PEM stands for Privacy-enhanced Electronic Mail), but it has never been widely used for that purpose. The format is much more common for encoding digital certificates.

The PEM format uses Base64 and DER (Distinguished Encoding Rules) encoding.

Import

Choose a certificate file in PEM format from your computer or local device and upload it to the router. Give the certificate a name that is meaningful to you.

Export

Select a local certificate from the dropdown list and download it to your computer or local device in PEM format.
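
A check that can be run on a PEM file before uploading it to the router or after exporting one, added here as an example (it is not CradlePoint code): it lists each block, confirms that the Base64 body decodes to a well-formed DER SEQUENCE, and flags private-key blocks that are not passphrase-protected. The function names and the sample input are constructed for illustration.

```python
import base64
import re
# One PEM block: BEGIN line, optional "Name: value" headers, Base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def der_length_ok(der):
    """True if the bytes are exactly one DER SEQUENCE with a consistent length."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short form: one length byte
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def inspect_pem(text):
    """Report label, DER sanity and private-key exposure for each PEM block."""
    report = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [l.strip() for l in body.strip().splitlines()]
        headers = [l for l in lines if ":" in l]
        try:
            der = base64.b64decode("".join(l for l in lines if ":" not in l),
                                   validate=True)
        except ValueError:                 # binascii.Error subclasses ValueError
            der = b""
        # Legacy encrypted keys carry a Proc-Type header; their body is ciphertext.
        legacy_enc = any(h.startswith("Proc-Type: 4,ENCRYPTED") for h in headers)
        encrypted = legacy_enc or label == "ENCRYPTED PRIVATE KEY"
        report.append({
            "label": label,
            "valid_der": None if legacy_enc else der_length_ok(der),
            "plaintext_key": label.endswith("PRIVATE KEY") and not encrypted,
        })
    return report

def pem_block(label, der, headers=""):     # helper for the constructed sample
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

# Constructed sample: placeholder DER (SEQUENCE { INTEGER 1 }), not real key material.
PLACEHOLDER_DER = bytes.fromhex("3003020101")
SAMPLE = (pem_block("CERTIFICATE", PLACEHOLDER_DER)
          + pem_block("PRIVATE KEY", PLACEHOLDER_DER)
          + pem_block("ENCRYPTED PRIVATE KEY", PLACEHOLDER_DER)
          + pem_block("CERTIFICATE", PLACEHOLDER_DER[:-1]))  # truncated body
```

A block reported with `plaintext_key` set to true holds a private key that anyone with the file can read; a block with `valid_der` false was truncated or corrupted in transfer.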

Import/Export PKCS #12 Format Certificates

PKCS #12 is one of the public-key cryptography standards. PKCS #12 files bundle public and private certificate keys in an archive file format. The PKCS #12 container format is more secure than the PEM container format because it is protected by an encryption key.

Import

Choose a certificate file in PKCS #12 format from your computer or local device and upload it to the router. Give the certificate a name that is meaningful to you.

PKCS #12 files are protected by a passphrase – you must know this key to import the file.

Export

Select a local certificate from the dropdown list and download it to your computer or local device in PKCS #12 format.

When you export this file, you must create a passphrase to protect it. This key is required for future use of the file.
