IS200DTCIH1 Robot Module Card
Import Trusted Client Key

When the Import button is clicked, the Trusted Client Key Import screen will appear. You can import a Trusted Client Key from an existing file, or directly paste a PEM encoded string as the key.

Trusted Client Key List

Item: Import from a File
Value setting: Required setting
Description: Select a certificate key file from a connected computer, and click the Apply button to import the specified key file to the gateway.

Item: Import from a PEM
Value setting: 1. String format, any text 2. Required setting
Description: This is an alternative approach to importing a certificate key. You can directly enter (copy and paste) the PEM encoded certificate key string, and click the Apply button to import the specified certificate key to the gateway.

Item: Apply
Description: Click the Apply button to import the certificate key.

Item: Cancel
Description: Click the Cancel button to discard the import operation. The screen will return to the Trusted Certificates page.

EW200 Industrial Cellular Gateway 169

3.4.4 Issue Certificate

When you have a Certificate Signing Request (CSR) that needs to be certified by the root CA of the device, you can issue the request here and let the root CA sign it. There are two approaches to issuing a certificate. One is to import a CSR file from the managing PC; the other is to copy and paste the CSR code into the gateway's web-based utility and then click the "Sign" button. If the gateway signs a CSR successfully, the "Signed Certificate View" window will show the resulting certificate contents. In addition, a "Download" button will be available for downloading the certificate to a file on the managing PC.

Self-signed Certificate Usage Scenario

Scenario Application Timing (same as described in "My Certificate" section)

When the enterprise gateway owns the root CA and VPN tunneling function, it can generate its own local certificates signed by itself. It also imports trusted certificates for other CAs and clients. These certificates can be used for two remote peers to confirm their identity when establishing a VPN tunnel.

Scenario Description (same as described in "My Certificate" section)

Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. It also imports a trusted certificate (BranchCRT), which is the BranchCSR of Gateway 2 signed by the root CA of Gateway 1.

Gateway 2 creates a CSR (BranchCSR) to let the root CA of Gateway 1 sign it as the BranchCRT certificate. It imports the certificate into Gateway 2 as a local certificate. In addition, it also imports the certificates of the root CA of Gateway 1 into Gateway 2 as trusted ones. (Refer to "My Certificate" and "Trusted Certificate" sections.)

It will establish an IPsec VPN tunnel with IKE and X.509 protocols starting from either peer, so that all client hosts in both subnets can communicate with each other.

Parameter Setup Example (same as described in "My Certificate" section)

For Network-A at HQ

The following tables list the parameter configuration as an example for the "Issue Certificate" function used in the user authentication of IPsec VPN tunnel establishment, as shown in the above diagram. The configuration example must be combined with the ones in "My Certificate" and "Trusted Certificate" sections to complete the setup for the whole user scenario.

Configuration Path [Issue Certificate]-[Certificate Signing Request
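
The Gateway 1 / Gateway 2 certificate flow from the Scenario Description, reproduced offline with the OpenSSL command line. This is an added example, not taken from the EW200 manual and not the gateway's own implementation; the file names, subject names, key sizes and the CSR self-signature check before signing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: root CA signs BranchCSR into BranchCRT, then the chain is checked.
# All file names and subject names below are constructed.
set -eu
WORK="$(mktemp -d)"

# Gateway 1 (HQ): create the root CA key and self-signed root certificate.
make_root_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/rootca.key" -out "$WORK/rootca.crt" \
    -subj "/CN=HQ Root CA (constructed)" 2>/dev/null
}

# Gateway 2 (Branch): generate a key pair and the CSR (BranchCSR).
make_branch_csr() {
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/branch.key" -out "$WORK/branch.csr" \
    -subj "/CN=BranchCRT (constructed)" 2>/dev/null
}

# Gateway 1: check the CSR's self-signature (proof the requester holds the
# private key), then sign it with the root CA to produce BranchCRT.
sign_branch_csr() {
  openssl req -in "$WORK/branch.csr" -noout -verify 2>&1 \
    | grep -q "verify OK" || return 1
  openssl x509 -req -in "$WORK/branch.csr" -days 30 \
    -CA "$WORK/rootca.crt" -CAkey "$WORK/rootca.key" -CAcreateserial \
    -out "$WORK/branch.crt" 2>/dev/null
}

# A certificate with the same subject name that the root CA never signed.
make_untrusted_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/rogue.key" -out "$WORK/rogue.crt" \
    -subj "/CN=BranchCRT (constructed)" 2>/dev/null
}

# Either peer: confirm a certificate chains to the trusted root before import.
chains_to_root() {
  openssl verify -CAfile "$WORK/rootca.crt" "$1" >/dev/null 2>&1
}

make_root_ca
make_branch_csr
sign_branch_csr
make_untrusted_cert
chains_to_root "$WORK/branch.crt" && echo "branch.crt: chains to HQ root, import"
chains_to_root "$WORK/rogue.crt" || echo "rogue.crt: same name, wrong issuer, reject"
```

The second certificate carries the same subject name as BranchCRT, so the check shows that a peer's identity rests on the root CA signature and not on the name in the certificate.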