48 DOMINION SX I NSTALLATION AND O PERATIONS MANUALCertificateOverviewThe Certificate configuration screen provides an area for Administrators to define security parameters.Dominion SX supports certificate-based server authentication to establish an encrypted SSL session and toassure the user that they are dealing with a correct web site. The encrypted SSL session, always throughHTTPS connection, ensures that personal information sent over the network is secure. Dominion SXsupports SSL 128-bit encryption, and will negotiate with the client only at the specified security strength.The unit can act as a Certifying Authority and generate both self-signed CA Certificate and the ServerCertificate. The certificate generated uses a 1024-bit public key.Figure 49 Certificate Tab DisplayConfigurationWhen the user powers up the unit for the first time, an SSL certificate associated with the default IP address192.168.0.192 is generated. When the user tries to connect to the unit, a Security Alert is displayed becausethe CA root certificate is not installed in the browser. Click on the [Yes] button to continue theConfiguration process, and configure the unit. Please refer to Appendix C: Certificates for moreinformation on how to install the certificate into the browser to prevent the security alert window fromappearing. After the configuration is completed, the unit reboots. The server certificate is generated onceagain, this time for the new IP address assigned to the unit.Certificate GenerationDominion SX provides different methods of generating certificates.• Default (or Self-Signed) Certificate: By default, the unit ships with a self-signed certificate signed byRaritan Computer. The certificate strength is 1024-bits and the certificate is valid for one year.• User Certificate: This method allows the installation of a user-generated certificate, which can be inone the following forms:− User certificate generated from the CSR (Certificate Signing request) form. Clicking the“Generate CSR” button generates a CSR. In this case, only the certificate is installed into the unit.The certificate is compared with the private key (already generated) before it is installed into theunit.− User Certificate and private key (without pass-phrase) generated by a trusted third-party areinstalled into the unit.Once the certificates are installed, the unit will automatically reboot so that the certificates take effect.There is an option that allows users to select either the self-generated or user-installed certificate at anytime. Once installed, certificates are maintained in the unit. A status indicator at the top of the Certificatescreen indicates the unit’s Certificate status, which might be:• Active default certificate.• Active user certificate.