TipsUsing the Redirector :: Encryption
The Serial/IP Redirector can require the server to transmit an SSL certificate that the redirector can use to confirm the server's identity when the network connection to the server is being established.
In summary, the authentication process consists of the following steps, all of which must succeed for the SSL connection to continue:
The redirector accesses the contents of the certificate supplied by the server.
The redirector uses its Certificate Authority Keys to determine whether the certificate can be trusted.
If the redirector has been configured with Validation Criteria, those settings are used to determine whether the connection will be allowed.
In the Serial/IP Control Panel:
Click Advanced to get the Advanced Settings window.
Click the SSL Authentication tab.
Select the check box Require Validated Certificate.
To optionally specify validation criteria, select any check box and use the associated text field.
%h requires a match to the hostname the redirector used to connect to the server.
%a requires a match to the IP address the redirector used to connect to the server.
Any other text requires an exact match.
In Certificate Authority Keys, select one of the two sources for the certificate authority keys. If using keys from a file, type the filename or select the file using Choose File.
Click OK to make the changes effective.
TipsThe redirector has a built-in default set of certificate authorities.
A sample certificate authority file named "sampleca.pem" is provided in the Serial/IP installation folder. It is the certificate authority used to sign the sample certificate in "samplecert.pem".
NotesThe %h and %a entries are typically only useful for matching the Common Name field in Validation Criteria.
These settings are global for the redirector.
Related
Topics