3.2.5.4 Certificates


Some 2N® Indoor Talk LAN services use the secure TLS protocol to communicate with other LAN devices. This protocol prevents third parties from eavesdropping on or modifying call contents. TLS is based on one-sided or two-sided authentication, which requires certificates and private keys.


2N® Indoor Talk services that use TLS:

    1. Web server (HTTPS)
    2. 802.1x (EAP-TLS)
    3. SIPs

2N® Indoor Talk allows you to load up to 3 sets of certificates from certification authorities, which help you authenticate the communicating device, and also 3 user certificates and private keys for encryption purposes.

Each service that requires a certificate can be assigned one certificate set; refer to Web Server. Certificates can be shared by multiple services.

2N® Indoor Talk accepts certificates in the DER (ASN.1) and PEM formats.

Once powered up, 2N® Indoor Talk automatically generates a self-signed certificate and a private key, which can be used for the Web server and E-mail services without the need to load a unique certificate and private key.

Note

  • If you use the self-signed certificate for encryption, communication between the 2N® Indoor Talk web server and the browser is secure, but the browser notifies you that it cannot authenticate the 2N® Indoor Talk certificate.

Refer to the two tables below for the current list of loaded certificates from certification authorities and user certificates:


Press  to load a certificate from your PC to the device. Select the certificate (or private key) file in the dialogue window and click Load. Press  to remove a certificate from 2N® Indoor Talk.

Note

  • A certificate with a private RSA key longer than 2048 bits may be rejected, in which case the following message appears: The private key file or password has not been accepted by the device!
  • For certificates based on elliptic curves use the secp256r1 (aka prime256v1 aka NIST P-256) and secp384r1 (aka NIST P-384) curves only.
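The limits in the note above can be checked on a PC before a file is loaded to the device. The following is an added example, not 2N code: it reads a PEM or DER certificate or public key with the Python standard library only and reports whether its key is RSA of at most 2048 bits or lies on secp256r1 or secp384r1. The function names and both sample inputs are constructed for illustration, and the check assumes the limits apply to the public key carried in the certificate.

```python
import base64, re

OID_RSA = bytes.fromhex("2a864886f70d010101")   # rsaEncryption
OID_EC = bytes.fromhex("2a8648ce3d0201")        # id-ecPublicKey
CURVES = {bytes.fromhex("2a8648ce3d030107"): "secp256r1", bytes.fromhex("2b81040022"): "secp384r1"}

def to_der(data):
    """The device accepts PEM and DER; normalise either to raw DER."""
    m = re.search(rb"-----BEGIN [^-]+-----(.+?)-----END", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

def tlvs(buf):
    """Yield (tag, value) for each DER element at one nesting level."""
    i = 0
    while i + 2 <= len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                            # long-form length
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        yield tag, buf[i:i + n]
        i += n

def find_spki(buf):
    """Find SEQUENCE{ SEQUENCE{alg OID, params}, BIT STRING } at any depth, or None."""
    for tag, val in tlvs(buf):
        kids = list(tlvs(val)) if tag & 0x20 else []   # only constructed types nest
        if [t for t, _ in kids] == [0x30, 0x03]:
            alg = list(tlvs(kids[0][1]))
            if len(alg) == 2 and alg[0][1] in (OID_RSA, OID_EC):
                return alg, kids[1][1]
        if kids and (hit := find_spki(val)):
            return hit

def check_for_device(data):
    """Return (ok, detail); ok=False means the file may be rejected by the device."""
    hit = find_spki(to_der(data))
    if not hit:
        return False, "no RSA or EC public key found"
    (_, alg_oid), (_, params) = hit[0]
    if alg_oid == OID_EC:
        name = CURVES.get(params)
        return name is not None, name or "unsupported curve"
    # RSA: BIT STRING is a pad byte, then SEQUENCE{ INTEGER n, INTEGER e }
    modulus = next(tlvs(next(tlvs(hit[1][1:]))[1]))[1]
    bits = int.from_bytes(modulus, "big").bit_length()
    return bits <= 2048, f"RSA {bits} bit"

# Constructed samples: standard SubjectPublicKeyInfo headers, placeholder key material.
SAMPLE_P256 = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d03010703420004") + bytes(64)
SAMPLE_RSA4096 = bytes.fromhex("30820222300d06092a864886f70d01010105000382020f003082020a0282020100") + b"\x80" + bytes(510) + b"\x01\x02\x03\x01\x00\x01"
```

Pass the raw bytes of the certificate file to `check_for_device`; a full X.509 certificate works because the search descends into the structure until it reaches the public key.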