Protected access to the web interface of the router
The following functions are available to protect the configuration of the router via the web interface:
Protected access via HTTPS connection
The web interface can also be configured securely using the HTTPS protocol. HTTPS authenticates the server (i.e. the router) and encrypts the data transmission.
Authentication via the device-individual certificate/key combination
By default, the router is authenticated via a self-certified, device-individual certificate/key combination. On first access via the HTTPS protocol, the browser indicates that the router uses an invalid security certificate. The certificate is not trusted because the CA (certification authority) certificate is unknown. You can ignore this warning and (depending on browser and operating system) add an exception for this server or establish the secure connection to this server nevertheless.
We recommend downloading the CA certificate CA_INSYS_Router.pem from the firmware page and importing it into your browser to approve INSYS MICROELECTRONICS as a certification authority. To do this, proceed as described in the documentation of your browser.
Once INSYS MICROELECTRONICS is stored as a certification authority in your browser and you access the router again via the HTTPS protocol, the browser again indicates that an invalid security certificate is used. This time the certificate is not trusted because the Common Name of the certificate differs from your input in the address bar of the browser. The browser indicates that a different device answers under this URL. The Common Name of the certificate consists of the MAC address of the router, with the colons replaced by underscores. You can ignore this warning and (depending on browser and operating system) add an exception for this server or establish the secure connection to this server nevertheless.
To avoid this browser warning as well, you must enter the Common Name of the router to be accessed into the address bar of your browser. The Common Name must be linked to the IP address of the router so that the URL leads to the correct device. You can find out the general name (Common Name) by downloading and viewing the certificate from the router. The procedure for this depends on your browser. The procedure for setting up the link depends on your operating system.
For further information, refer to the documentation of your operating system.
Authentication via your own certificate structure
Alternatively, it is also possible to use your own certificate structure and upload a self-generated certificate/key combination to the router to use it for access via an HTTPS connection.
You need to upload your self-generated certificate/key combination in the certificate manager of the router first (menu Administration -> Certificates).
Then, this certificate/key combination must be selected when configuring the web interface access via HTTPS (menu Administration -> Web interface).
Authentication of a client using a certificate
This function allows access to the web interface of the router via an HTTPS connection without having to enter access data. For this, client authentication via certificate must be activated (menu Administration -> Web interface). A CA certificate must be installed on the router (menu Administration -> Certificates) and selected for client authentication. A client certificate that has been generated with this CA certificate must be installed in the browser of the client that is to access the router. Optionally, a CRL can be stored and selected so that certificates that have already been issued can be revoked later. The user group makes it possible to restrict the rights for an access that is authenticated via a client certificate.
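The client authentication described above needs a CA certificate for the router, a client certificate issued by that CA for the browser, and optionally a CRL. The following is an added example, not INSYS code, that builds these files with the OpenSSL command line and checks them locally. The directory layout, file names, subject names, RSA-2048 keys, lifetimes and the PEM/PKCS#12 output formats are assumptions; the formats accepted by the router's certificate manager are not stated here.

```bash
# Added example: private CA, one client certificate and a CRL. All names, sizes and lifetimes are constructed.
set -eu
umask 077   # private keys readable by the owner only
init_ca() {   # $1 = absolute path of the PKI directory
  mkdir -p "$1/newcerts"; : > "$1/index.txt"; echo 1000 > "$1/serial"; echo 1000 > "$1/crlnumber"
  cat > "$1/pki.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = overridden by -subj
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = router_ca
[ router_ca ]
database = $1/index.txt
new_certs_dir = $1/newcerts
serial = $1/serial
crlnumber = $1/crlnumber
certificate = $1/ca.crt
private_key = $1/ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
policy = any_cn
x509_extensions = client_ext
[ any_cn ]
commonName = supplied
[ client_ext ]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$1/pki.cnf" \
    -extensions ca_ext -subj "/CN=Example Router Admin CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  gen_crl "$1"
}
gen_crl() { openssl ca -config "$1/pki.cnf" -gencrl -out "$1/ca.crl" 2>/dev/null; }
issue_client() {   # $1 = PKI directory, $2 = client name; export P12_PASS first
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl ca -batch -notext -config "$1/pki.cnf" -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" -certfile "$1/ca.crt" \
    -passout env:P12_PASS -out "$1/$2.p12"
}
revoke_client() { openssl ca -config "$1/pki.cnf" -revoke "$1/$2.crt" 2>/dev/null; gen_crl "$1"; }
# Exit status 0 only while the certificate chains to the CA and is not on the CRL.
check_client() { openssl verify -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" -crl_check "$1/$2.crt" >/dev/null 2>&1; }
```

In this layout, ca.crt (and ca.crl, if a CRL is used) are the files for the router, and the .p12 file is the one to import into the browser. After revoke_client, the regenerated ca.crl has to be stored on the router again before the revocation can take effect there.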