5.2.8.4 Certificates
Some 2N® Clip LAN services use the secure TLS protocol for communication with the other LAN devices. This protocol prevents third parties from eavesdropping on or modifying call contents. TLS is based on one/two-sided authentication, which requires certificates and private keys.
Services Using TLS Protocol
- Web server (HTTPS)
- 802.1x (EAP-TLS)
- SIPs
The device allows you to upload up to 3 sets of CA certificates, which help you authenticate the communicating device, and also 3 user certificates and private keys for encryption purposes.
Each certificate-requiring service can be assigned one of the certificate sets, refer to 5.2.6.4 Web Server.
The device supports the DER (ASN1) and PEM certificate formats.
Upon the first power up, the intercom automatically generates the Self Signed certificate and private key for the Web server services without forcing you to load a certificate and private key of your own.
Note
If you use the Self Signed certificate for encryption of the device web server – browser communication, the communication is secure, but the browser will warn you that it is unable to verify the device certificate validity.
The current list of uploaded CA and user certificates is available in the following two folders: CA Certificates and User Certificates.
Certificate Upload
- Click to upload a certificate saved in the storage.
- Select the certificate (or private key) file in a dialog window.
- Press the Upload button.
- Press to remove a certificate from the device.
Note
- A certificate with a private RSA key longer than 2048 bits can be rejected. and the following message will be displayed: “The private key file/password was not accepted by the device!”
- For certificates based on elliptic curves use the secp256r1 (aka prime256v1 aka NIST P-256) and secp384r1 (aka NIST P-384) curves only.