ISY994 Series Network Security Configuration Guide

Requires firmware version 3.3.1+
Requires Java 1.7+




Introduction

Universal Devices, Inc. takes ISY security extremely seriously. As such, all ISY994 Series units are equipped with network security features. The ISY994 PRO Series adds more advanced security features to address all facets of network communications with ISY. Table 1 lists the features of each platform.

Table 1. Feature comparison

TLS/SSL Level
  ISY994 Series:     SSL 3.0
  ISY994 PRO Series: User selectable: SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2

Cipher Suites
  ISY994 Series:     TLS_RSA_WITH_RC4_128_MD5
  ISY994 PRO Series: User selectable. Ciphers are offered in the order listed below.
    Low Strength:
      TLS_RSA_WITH_RC4_128_MD5
    Medium Strength:
      TLS_RSA_WITH_AES_128_SHA
      TLS_RSA_WITH_AES_256_SHA
      TLS_RSA_WITH_RC4_128_SHA
    High Strength:
      TLS_RSA_WITH_AES_128_SHA2
      TLS_RSA_WITH_AES_256_SHA2
      TLS_RSA_WITH_AES_128_SHA
      TLS_RSA_WITH_AES_256_SHA

Server Certificates
  ISY994 Series:     Self Signed; Signed by a CA; PKCS12 (.pfx) Import (can be used for wildcard certificates)
  ISY994 PRO Series: Self Signed; Signed by a CA; PKCS12 (.pfx) Import (can be used for wildcard certificates)

Client Certificates
  ISY994 Series:     Self Signed; Signed by a CA; PKCS12 (.pfx) Import (can be used for wildcard certificates)
  ISY994 PRO Series: Self Signed; Signed by a CA; PKCS12 (.pfx) Import (can be used for wildcard certificates)

Client Authentication
  ISY994 Series:     No
  ISY994 PRO Series: Yes: User selectable

Server Authentication
  ISY994 Series:     No
  ISY994 PRO Series: Yes: User selectable

Import CA Certs for Authentication
  ISY994 Series:     No
  ISY994 PRO Series: Yes

Logging into ISY dashboard

a) If you do not have Java installed, please install the latest version for your platform. You can find the latest Java downloads at http://www.java.com/getjava. Please choose the latest JRE for your platform. Note: you need Java 1.7 or above.
b) If you do NOT yet have the dashboard installed, go to http://isy.universaldevices.com/994i/version/dashboard.jnlp, where version is your ISY's current firmware version, which must be 3.3.8 or above. Example: http://isy.universaldevices.com/994i/4.1.2/dashboard.jnlp
   a. Log in using your ISY's credentials.

Configure Network Security: ISY994 Series

Default operations for ISY994 Series are:
1. SSL 3.0
2. Low Strength

Configure Network Security: ISY994 PRO Series

a. Protocol
The maximum protocol level supported by the client or server. Please note that if you use TLS 1.2 and the peer requests TLS 1.0, then ISY will downgrade to TLS 1.0.

b. Strength
The symmetric key strength. Each cipher suite strength has an ordered priority list of cipher suites that ISY uses to determine its operations. The priority is from high to low (top to bottom):

High:
  SSL_RSA_WITH_AES_128_SHA2
  SSL_RSA_WITH_AES_256_SHA2
  SSL_RSA_WITH_AES_128_SHA
  SSL_RSA_WITH_AES_256_SHA
Medium:
  SSL_RSA_WITH_AES_128_SHA
  SSL_RSA_WITH_AES_256_SHA
  SSL_RSA_WITH_RC4_128_SHA
Low:
  SSL_RSA_WITH_RC4_128_MD5

c. Verify
Whether or not client/server authentication should be performed on the peer:
  i. The certificate must be valid
  ii. The certificate must be signed by a CA (see #d. CA Certificates), through a certificate path, which is known to ISY

Care should be taken when Verify is checked for Server Settings. In this case, all clients (including browsers and mobile devices) must provide ISY with a valid certificate. This might not be optimal in normal operations, since most browsers and mobile devices do not offer any certificates and thus ISY may not be reachable over HTTPS.

Care should also be taken when Verify is checked for Client Settings. In this case, all communications initiated from ISY to external HTTPS resources are validated. This might cause problems with Portals (such as MobiLinc) and Network resources which communicate with devices that do not have valid certificates. This may also interfere with SMTP operations that require TLS.

In short, unless you have explicit requirements such as OpenADR, it's best to keep Verify unchecked.

d. CA Certificates
In order for Verify (Client/Server Authentication) to work, you will need to import Certificate Authority signing certificates into ISY. Please note that if you would like to support a certificate that goes through a chain to reach the root signing certificate, then you must import all the certificates in the chain, all the way up to the root.

To import CA Certificates, click on the CA Certificates button and then click on Import to import CA certificates (see below). You can always export the trusted certificates from your browser (in PEM format) and then import them into ISY.
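How the Protocol and Strength settings described under a. and b. combine, as an added example (a model written for this page, not Universal Devices code). It assumes ISY picks the first suite in its own priority list that the peer also offers; the function names and flag labels are hypothetical.

```shell
#!/bin/sh
# Added example: a model of the Protocol and Strength settings, not ISY firmware code.
# Assumption: ISY picks the first suite in its own priority list that the peer offers.

# Priority lists as given under "b. Strength".
isy_suites() {
  case "$1" in
    High)   echo "SSL_RSA_WITH_AES_128_SHA2 SSL_RSA_WITH_AES_256_SHA2 SSL_RSA_WITH_AES_128_SHA SSL_RSA_WITH_AES_256_SHA" ;;
    Medium) echo "SSL_RSA_WITH_AES_128_SHA SSL_RSA_WITH_AES_256_SHA SSL_RSA_WITH_RC4_128_SHA" ;;
    Low)    echo "SSL_RSA_WITH_RC4_128_MD5" ;;
    *)      return 1 ;;
  esac
}

# Rank the protocol names so the lower of two maxima can be chosen.
proto_rank() {
  case "$1" in
    "SSL 3.0") echo 0 ;;
    "TLS 1.0") echo 1 ;;
    "TLS 1.1") echo 2 ;;
    "TLS 1.2") echo 3 ;;
    *) return 1 ;;
  esac
}

# isy_negotiate ISY_PROTOCOL STRENGTH PEER_MAX_PROTOCOL "PEER SUITES"
# Prints "<protocol>|<suite>|<flags>" (status 0) or "handshake-failure" (status 1).
isy_negotiate() {
  r_isy=$(proto_rank "$1") || return 2
  r_peer=$(proto_rank "$3") || return 2
  # Protocol is a maximum, so the lower of the two sides decides.
  if [ "$r_peer" -lt "$r_isy" ]; then proto=$3; else proto=$1; fi
  mine=$(isy_suites "$2") || return 2
  for s in $mine; do
    for p in $4; do
      [ "$s" = "$p" ] || continue
      flags=""
      # Flag outcomes that rely on deprecated versions (RFC 7568, RFC 8996) or RC4/MD5.
      case "$proto" in "TLS 1.2") ;; *) flags="legacy-protocol" ;; esac
      case "$s" in *RC4*) flags="$flags rc4" ;; esac
      case "$s" in *MD5*) flags="$flags md5" ;; esac
      echo "$proto|$s|${flags# }"
      return 0
    done
  done
  echo "handshake-failure"
  return 1
}
```

In this model, a peer that offers only SSL_RSA_WITH_RC4_128_SHA still connects when Strength is Medium and is refused when it is High. Setting Protocol to TLS 1.2 does not keep a TLS 1.0 peer out, because the setting is a maximum.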
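A workstation check for the chain requirement in d. CA Certificates, as an added example (not part of the guide and not Universal Devices code): it walks from a peer certificate through the PEM files you plan to import and reports the first issuer that is missing. It assumes OpenSSL is installed; the function names and the demo certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks that the CA files you plan to import link a peer
# certificate to a self-signed root. Links are matched by subject/issuer name
# hash only; signatures and validity dates are not checked here.

# chain_gap PEER.pem CA1.pem [CA2.pem ...]
# Prints "complete" (status 0) or "missing issuer: <DN>" (status 1).
chain_gap() {
  cur=$1; shift
  depth=0
  while [ "$depth" -lt 10 ]; do
    want=$(openssl x509 -in "$cur" -noout -issuer_hash) || return 2
    self=$(openssl x509 -in "$cur" -noout -subject_hash) || return 2
    # A self-signed certificate taken from the CA list ends the chain.
    if [ "$depth" -gt 0 ] && [ "$want" = "$self" ]; then echo "complete"; return 0; fi
    next=""
    for ca in "$@"; do
      have=$(openssl x509 -in "$ca" -noout -subject_hash) || return 2
      if [ "$have" = "$want" ]; then next=$ca; break; fi
    done
    if [ -z "$next" ]; then
      echo "missing issuer: $(openssl x509 -in "$cur" -noout -issuer)"
      return 1
    fi
    cur=$next
    depth=$((depth + 1))
  done
  echo "chain longer than 10 certificates"
  return 1
}

# issue DIR NAME SIGNER CN : constructed certificate NAME signed by SIGNER (demo data only)
issue() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=$4" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" -CAcreateserial \
    -out "$1/$2.pem" -days 30 2>/dev/null
}

# make_demo_chain DIR : constructed root -> intermediate -> peer chain
make_demo_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/root.key" -out "$1/root.pem" \
    -subj "/CN=Demo Root CA" -days 30 2>/dev/null
  issue "$1" inter root "Demo Intermediate CA"
  issue "$1" peer inter "peer.example.test"
}
```

Importing only the intermediate makes `chain_gap` name the root as the missing issuer, which is the case the guide warns about.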

Certificate Management

The operations for Server Certificates and Client Certificates are identical. As such, only Server Certificates are discussed in this section.

In the Network Dialog (see section 3), click on the Server Certificate. You will be prompted with:

Yes: This loads the certificate store from ISY, for which you must have the valid password that you set up before.
No: This creates a new certificate store and overwrites any previous certificate information. The requested password is the password you would like to use to access the store in the future (see Yes).

a. Key Strength
Key Strength is the initial RSA Key Strength, which may be 512, 1024, or 2048 bits. The higher the strength, the slower the initial connection with ISY (up to 10 seconds for 2048 bits). Please note that once the initial connection has been established, this parameter no longer plays a role; communication and cryptographic methods are then based on the strength of the chosen cipher suite's symmetric key.
Note: Although ISY supports 512, 1024, and 2048 bits for self signed certificates, for certificate requests the strength is subject to the approval of the certificate authority. In most cases, the lowest key strength approved by certificate authorities is 2048.

b. Import Cert.
If you have a PKCS12 (pfx) format file which includes both the Certificate and the Private Key, choose this option to import your certificate/key combination into ISY. You will need to use this feature if you intend to use a preexisting certificate (including wildcard certificates). Once imported successfully, ISY will reboot for the changes to take effect.

c. Export Cert.
Use this button to export an existing certificate in PEM format. You may want to use this option to import ISY's certificate into a browser's (or other client's) certificate store.

d. Self Signed
If you wish to create a self signed certificate, make sure to enter and/or update (in case you are working on an existing certificate) all the necessary information in the fields and then click on the Self Signed button. Once done, ISY will be rebooted for the changes to take effect.

e. Cert. Request
If you wish to have your certificate signed by a CA, you need to create a CSR. To create a CSR, make sure to enter and/or update (in case you are working on an existing certificate) all the necessary information in the fields and then click on the Cert. Request button. You will be presented with a dialog containing the Certificate Request (see below). Simply right-click to copy the contents and then send them to the Certificate Authority. Make sure to click the Save button on the SSL Certificate Management dialog once done. You may also want to keep a copy of your CSR in case you need to recreate it. This is because ISY creates a new Private Key for every CSR request, and thus you will have to start the whole process from scratch if the original CSR is lost or misplaced.

f. Receive Cert.
If you have already made a Cert Request (#d) and have now been given an actual certificate based on your Cert Request (CSR), click on the Receive Cert button to import the Certificate into ISY. You will be presented with a dialog to paste the certificate into (see below). Once imported successfully, ISY will reboot for the changes to take effect.
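A check to run on a workstation before pasting the certificate into Receive Cert, as an added example (not from the guide or from Universal Devices). Because ISY creates a new private key for every CSR, it confirms that the certificate the CA returned carries the public key of the CSR you saved, and that the request used at least a 2048-bit key. It assumes OpenSSL is installed; the function names, file names and demo data are constructed.

```shell
#!/bin/sh
# Added example: pre-import check for a CA-issued certificate against the saved CSR.

# cert_matches_csr CSR.pem CERT.pem : status 0 if both carry the same public key
cert_matches_csr() {
  a=$(openssl req -in "$1" -noout -pubkey) || return 2
  b=$(openssl x509 -in "$2" -noout -pubkey) || return 2
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# csr_key_bits CSR.pem : key size recorded in the request
csr_key_bits() {
  openssl req -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# precheck CSR.pem CERT.pem : prints one verdict line, status 0 only when safe to import
precheck() {
  bits=$(csr_key_bits "$1")
  if ! cert_matches_csr "$1" "$2"; then
    echo "MISMATCH: certificate was not issued for this CSR"
    return 1
  fi
  # 2048 is the lowest size the guide says most certificate authorities approve.
  if [ "${bits:-0}" -lt 2048 ]; then
    echo "WEAK: $bits-bit key"
    return 1
  fi
  echo "OK: $bits-bit key, certificate matches CSR"
}

# make_demo DIR : constructed CA, two CSRs for the same name, and a certificate
# issued for the first CSR. The second CSR stands in for a request that was
# recreated later and therefore has a different key.
make_demo() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" -out "$1/ca.pem" \
    -subj "/CN=Demo CA" -days 30 2>/dev/null
  for n in first second; do
    openssl req -newkey rsa:2048 -nodes -keyout "$1/$n.key" -out "$1/$n.csr" \
      -subj "/CN=isy.example.test" 2>/dev/null
  done
  openssl x509 -req -in "$1/first.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
    -out "$1/first.pem" -days 30 2>/dev/null
}
```

On a real unit the private key never leaves ISY, so only the CSR text and the returned certificate are compared; the key files in `make_demo` exist only because the demo data is generated locally.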