 |
Online help |
Certificate Manager
The certificates and keys as well as the Diffie-Hellman parameter set and the certificate revocation lists (CRL) stored in the certificate manager are used for authentication and encryption of protected connections and authentication of router accesses.
A CA certificate (root certificate/intermediate certificate) is the certificate of a Certificate Authority (CA) that is used to verify all further certificates or keys generated from this certificate authority.
The (public) certificate and the (secret) private key form a key pair together. This must be generated by the same CA for all participants.
The Diffie-Hellman parameter set is a non-secret file, which contains carefully created random numbers and is used for encryption.
The Certificate Revocation List (CRL) serves to describe the invalidity of certificates. It allows to determine whether a certificate has been blocked or revoked.
The static OpenVPN key (PSK, Pre-shared Key) can be used for OpenVPN connections as an alternative to the certificate-based authentication. In this case, the client and the server must have an identical static key to authenticate themselves to each other.
 |
Certificates are usually created for a certain number of years or months. Therefore, the router clock must be configured correctly. Otherwise, the certificate might be considered as expired and the authentication will fail. |
The CA bundle of cURL with a series of standard CA certificates is pre-installed on the router. This permits a verification of the CA certificates when using standard servers (e.g. for e-mail, auto update) without having to upload the necessary CA certificates. If these standard CA certificates are not trusted, all necessary CA certificates have to be uploaded manually.