3.2.6.4 Certificates

Some 2N^® Indoor Compact LAN services use the secure TLS protocol for communication with the other LAN devices. This protocol prevents third parties from eavesdropping on or modifying call contents. TLS is based on one/two-sided authentication, which requires certificates and private keys.

2N^® Indoor Compact services that use TLS:

1. Web server (HTTPS)
2. 802.1x (EAP-TLS)
3. SIPs

2N^® Indoor Compact allows you to download up to 3 sets of certificates issued by certification authorities, which help you authenticate the communicating device, and also 3 user certificates and private keys for encryption purposes.

Each certificate requiring service can be assigned one certificate set, refer to the 3.2.4.4 Web Server subsection. The certificates can be shared by multiple services.

2N^® Indoor Compact accepts the DER (ASN1) and PEM certificates.

Once powered up, 2N^® Indoor Compact generates automatically the so-called Self Signed certificate and a private key, which can be used for the Web server and E-mail services without the need to upload a unique certificate and private key.

Note

If you use the Self Signed certificate for encryption, the 2N^® Indoor Compact web server - browser communication is secure, but the browser notifies you that it cannot authenticate the 2N^® Indoor Compact certificate.

Refer to the tables below for the current list of trusted and user certificates:

Click to upload a certificate saved on your PC. Select the certificate (or private key) file in a dialogue window and click Upload. Press to remove a certificate from 2N^® Indoor Compact.

Caution

Note that a certificate with a private RSA key longer than 2048 bits may be rejected and the following message will be displayed:
The private key file/password was not accepted by the device!
For certificates based on elliptic curves use the secp256r1 (aka prime256v1 aka NIST P-256) and secp384r1 (aka NIST P-384) curves only.