Online help

Certificate Manager

The certificates and keys as well as the Diffie-Hellman parameter set and the certificate revocation lists (CRL) stored in the certificate manager are used for authentication and encryption of protected connections and authentication of router accesses.

A CA certificate (or root certificate) is the certificate of a Certificate Authority (CA) that is used to verify all further certificates or keys generated from this certificate authority.

The (public) certificate and the (secret) private key form a key pair together. This must be generated by the same CA for all participants.

The Diffie-Hellman parameter set is a non-secret file, which contains carefully created random numbers and is used for encryption.

The Certificate Revocation List (CRL) serves to describe the invalidity of certificates. It allows to determine whether a certificate has been blocked or revoked.

The static OpenVPN key (PSK, Pre-shared Key) can be used for OpenVPN connections as an alternative to the certificate-based authentication. In this case, the client and the server must have an identical static key to authenticate themselves to each other.

Certificates are usually created for a certain number of years or months. Therefore, the router clock must be configured correctly. Otherwise, the certificate might be considered as expired and the authentication will fail.

The CA bundle of cURL with a series of standard CA certificates is pre-installed on the router. This permits a verifiation of the CA certificates when using standard servers (e.g. for e-mail, auto update) without having to upload the necessary CA certificates. If these standard CA certificates are not trusted, all necessary CA certificates have to be uploaded manually.

Back to overview