Online help

Certificate Manager

The certificates and keys as well as the Diffie-Hellman parameter set and the certificate revocation lists (CRL) stored in the certificate manager are used for authentication and encryption of protected connections and authentication of router accesses.

A CA certificate (or root certificate) is the certificate of a Certificate Authority (CA) that is used to verify all further certificates or keys generated from this certificate authority.

The (public) certificate and the (secret) private key form a key pair together. This must be generated by the same CA for all participants.

The Diffie-Hellman parameter set is a non-secret file, which contains carefully created random numbers and is used for encryption.

The Certificate Revocation List (CRL) serves to describe the invalidity of certificates. It allows to determine whether a certificate has been blocked or revoked.

The static OpenVPN key (PSK, Pre-shared Key) can be used for OpenVPN connections as an alternative to the certificate-based authentication. In this case, the client and the server must have an identical static key to authenticate themselves to each other.

Certificates are usually created for a certain number of years or months. Therefore, the router clock must be configured correctly. Otherwise, the certificate might be considered as expired and the authentication will fail.

Back to overview