IS200DTURH1A工控备件模块
n组织(O)是您组织的名称。组织单位(OU)是组织单位的名称。通用名称(CN)是您所在组织的名称。电子邮件是您组织的电子邮件。它必须是电子邮件地址格式。需要额外属性设置此字段用于指定用于生成证书的额外信息。质询密码是您将来可以用来请求证书吊销的密码。其他信息的非结构化名称。SCEP注册必需设置此字段用于指定SCEP的信息。要生成证书签名请求(CSR)并让SCEP服务器在线签名,请选中启用框。选择SCEP服务器以标识要使用的SCEP服务器。可以在外部服务器中指定服务器详细信息。请参阅对象定义>外部服务器>外部服务器。单击“添加对象”按钮以生成。选择CA证书以标识SCEP服务器可以接受哪个证书进行身份验证。它可以在可信证书中生成。如果需要,请选择一个可选的CA加密证书,以标识SCEP服务器可以接受加密数据信息的证书。它可以在可信证书中生成。填写可选的CA标识符以标识可用于签名证书的CA。保存单击保存按钮保存配置。后退单击后退按钮时,屏幕将返回上一页。应用导入按钮后,将显示导入屏幕。您可以从现有证书文件导入证书,或直接粘贴PEM编码的字符串作为证书。EW200 Industrial Cellular Gateway 163导入项目值设置描述导入所需设置从用户计算机中选择证书文件,然后单击应用按钮将指定的证书文件导入网关。PEM编码1。字符串格式,任意文本2。必需设置这是导入证书的另一种方法。您可以直接填写(复制和粘贴)PEM编码的证书字符串,然后单击应用按钮将指定的证书导入网关。应用单击应用按钮导入证书。取消单击取消按钮放弃导入操作,屏幕将返回“我的证书”页面。EW200工业蜂窝网关164 3.4.3可信证书可信证书包括可信CA证书列表、可信客户端证书列表和可信客户端密钥列表。受信任CA证书列表包含外部受信任CA的证书。受信任的客户端证书列表包含您信任的其他证书。受信任的客户端密钥列表包含您信任的其他密钥。自签名证书使用场景场景应用程序计时(与“我的证书”部分中所述相同)当企业网关拥有根CA和VPN隧道功能时,它可以生成自己签名的本地证书。它还为其他CA和客户端导入受信任的证书。这些证书可用于两个远程对等方在建立VPN隧道时确认其身份。场景描述(与“我的证书”一节中描述的相同)网关1生成根CA和自己签名的本地证书(HQCRT)。
n Organization(O) is the name of your organization. Organization Unit(OU) is the name of your organization unit. Common Name(CN) is the name of your organization. Email is the email of your organization. It has to be email address format. Extra Attributes Required setting This field is to specify the extra information for generating a certificate. Challenge Password for the password you can use to request certificate revocation in the future. Unstructured Name for additional information. SCEP Enrollment Required setting This field is to specify the information for SCEP. To generate a certificate signing request (CSR) and have it signed by SCEP server online, check the Enable box. Select a SCEP Server to identify the SCEP server for use. The server detailed information can be specified in External Servers. Refer to Object Definition > External Server > External Server. Click the Add Object button to generate. Select a CA Certificate to identify which certificate can be accepted by SCEP server for authentication. It can be generated in Trusted Certificates. Select an optional CA Encryption Certificate, if it is required, to identify which certificate can be accepted by SCEP server for encryption data information. It can be generated in Trusted Certificates. Fill in optional CA Identifier to identify which CA can be used for signing certificates. Save Click the Save button to save the configuration. Back When the Back button is clicked, the screen will return to previous page. When the Import button is applied, an Import screen will appear. You can import a certificate from an existing certificate file, or directly paste a PEM encoded string as the certificate. EW200 Industrial Cellular Gateway 163 Import Item Value setting Description Import Required setting Select a certificate file from user’s computer, and click the Apply button to import the specified certificate file to the gateway. PEM Encoded 1. String format, any text 2. Required setting This is an alternative approach to import a certificate. You can directly fill in (Copy and Paste) the PEM encoded certificate string, and click the Apply button to import the specified certificate to the gateway. Apply Click the Apply button to import the certificate. Cancel Click the Cancel button to discard the import operation and the screen will return to the My Certificates page. EW200 Industrial Cellular Gateway 164 3.4.3 Trusted Certificate Trusted Certificate includes Trusted CA Certificate List, Trusted Client Certificate List, and Trusted Client Key List. The Trusted CA Certificate List contains the certificates of external trusted CAs. The Trusted Client Certificate List contains the others' certificates that you trust. The Trusted Client Key List contains the others’ keys that you have trusted. Self-signed Certificate Usage Scenario Scenario Application Timing (same as described in "My Certificate" section) When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates being signed by itself. It also imports trusted certificates for other CAs and Clients. These certificates can be used for two remote peers to confirm their identity when establishing a VPN tunnel. Scenario Description (same as described in "My Certificate" section) Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself.
