48 DOMINION SX I NSTALLATION AND O PERATIONS MANUALCertificateOverviewThe Certificate configuration screen provides an area for Administrators to define security parameters. DominionSX supports certificate-based server authentication to establish an encrypted SSL session and to assure the user thatthey are dealing with a correct web site. The encrypted SSL session, always through HTTPS connection, ensuresthat personal information sent over the network is secure. Dominion SX supports SSL 128-bit encryption, and willnegotiate with the client only at the specified security strength. The unit can act as a Certifying Authority andgenerate both self-signed CA Certificate and the Server Certificate. The certificate generated uses a 1024-bit publickey.Figure 50 Certificate Tab DisplayConfigurationWhen the user powers up the unit for the first time, an SSL certificate associated with the default IP address192.0.0.192 is generated. When the user tries to connect to the unit, a Security Alert is displayed because the CAroot certificate is not installed in the browser. Click on the [Yes] button to continue the Configuration process, andconfigure the unit. Please refer to Appendix C: Certificates for more information on how to install the certificateinto the browser to prevent the security alert window from appearing. After the configuration is completed, the unitreboots. The server certificate is generated once again, this time for the new IP address assigned to the unit.Certificate GenerationDominion SX provides different methods of generating certificates.• Default (or Self-Signed) Certificate: By default, the unit ships with a self-signed certificate signed by RaritanComputer. The certificate strength is 1024-bits and the certificate is valid for one year.• User Certificate: This method allows the installation of a user-generated certificate, which can be in one thefollowing forms:− User certificate generated from the CSR (Certificate Signing request) form. Clicking the “Generate CSR”button generates a CSR. In this case, only the certificate is installed into the unit. The certificate iscompared with the private key (already generated) before it is installed into the unit.− User Certificate and private key (without pass-phrase) generated by a trusted third-party are installed intothe unit.Once the certificates are installed, the unit will automatically reboot so that the certificates take effect. There is anoption that allows users to select either the self-generated or user-installed certificate at any time. Once installed,certificates are maintained in the unit. A status indicator at the top of the Certificate screen indicates the unit’sCertificate status, which might be:• Active default certificate.