SSL-certificate installation

 

When working with the device via HTTPS device generates a self-signed certificate. Installation of user certificate is available.
It should be noted that the performance of the device’s web interface is reduced due to the length of the key.

Certificate installation

Creating a self-signed certificate with OpenSSL

Self-signed certificates can be generated with a script:

#!/bin/sh CERT_PATH="." CERT_NAME=${CERT_PATH}/"custom" CERT_SUBJ="/C=SK/ST=Bratislava/L=Bratislava/O=Vutlan s.r.o./OU=IT Department/CN=vutlan.com" openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout "${CERT_NAME}.key" -out "${CERT_NAME}.pem" -subj "${CERT_SUBJ}"

Then install files custom.pem and custom.key under the certificate installation procedure.

You can install your certificate on the Preferences -> Network page. You must enable HTTPS and upload the key and certificate files.
After clicking the Save button, the settings will be saved and the system will automatically restart with new settings.

Or you can generate a self-signed HTTPS certificate directly in the system if this function is supported. Press the Self-signed certificate -> Generate button and wait for the end of the procedure. The certificate name will be displayed in the appropriate fields. The certificate has a validity of 10 years.

If the certificate files with an error and cannot be used by the system, then the system will use safe settings: port 80, HTTPS is disabled. The log will be a corresponding error message. 

Certificate installation for versions  2.5

Creating self-signed certificates by OpenSSL

Self-signed certificates can be generated by:

openssl req -x509 -nodes -days 365 -newkey cert.key -out cert.crt

Then combine with text editor both files cert.key and cert.crt in next steps: in the beginning content of cert.key, then the content of cert.crt. Save a file like custom.pem, copy it to the USB flash, and put a USB stick to the device USB port.

To install your own certificate file copy it to the USB-flash, rename the file to custom.pem, and put USB-flash to the device USB port.

After the completion of the exchange (the LED on the USB flash drive and flash off), remove the USB flash and open the web interface over HTTPS.

Commercial certificates

Vutlan systems are fully compatible with commercial certificates provided by trusted Certificate Authorities (CAs).

To use a commercial certificate, ensure the following files are prepared and correctly configured:

Certificate File:

Contains the public certificate issued by the CA (e.g., certificate.crt).

Key File

Contains the corresponding private key (e.g., private.key).

Both files must be in PEM format and properly matched. Install these files in the system's certificate directory and configure the certificate and key paths in the system settings.