Data Communication Security (TLS)
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), use asymmetric cryptography for authentication. In some scenarios only the server is authenticated; in others, client and server authenticate each other. Once authentication is established, client and server use asymmetric cryptography to exchange a secret key, and communication then proceeds with symmetric encryption under that key.
TLS/SSL application hosts use separate digital certificates as the basis for authentication in both directions: one to prove their own identity to the other party, and one to verify the identity of the other party. To prove its own identity, the xPico 600 gateway presents its own "personal" certificate; to verify the identity of the other party, it uses a "trusted authority" certificate.
On the gateway, you use a TLS Credential to configure the TLS properties between two communicating applications.
Creating a TLS Credential
The TLS Credential contains the private key and certificate details. You can use TLS for TCP and UDP connections as well as for the secure HTTP server.
Note
The xPico 600 supports TLS credentials only in the PKCS#1 and PKCS#12 formats (PKCS#12 via Web Manager only).
Creating a TLS Credential is a two-step process.
STEP 1: Create a new TLS Credential
- Create and name the credential. The new credential initially has empty certificate and private key values.
STEP 2: Configure the TLS Credential
- Configure which TLS protocol versions the credential supports.
- Copy and paste the private key into the credential.
- Copy and paste the certificate into the credential.
- Configure the Higher Authority and Trusted Authority instances, if necessary.
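Before pasting, it is worth checking that the PEM text really is what the gateway accepts. The following is an added example written for this page (not Lantronix code): it confirms that the private-key block is a PKCS#1 RSAPrivateKey rather than a PKCS#8 "BEGIN PRIVATE KEY" wrapper, and that each block's DER is intact rather than cut short by the paste. The sample key and the stand-in certificate are constructed toy values, not usable credentials.

```python
import base64
import re
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def tlvs(buf: bytes):                                    # yield (tag, content) per DER TLV
    i = 0
    while i < len(buf):
        tag, first = buf[i], buf[i + 1]                  # IndexError on a cut-off header
        n = first & 0x7F if first & 0x80 else 0          # long form: n length bytes follow
        length = int.from_bytes(buf[i + 2:i + 2 + n], "big") if n else first
        if (first & 0x80 and n == 0) or i + 2 + n + length > len(buf):
            raise ValueError("damaged DER")
        yield tag, buf[i + 2 + n:i + 2 + n + length]
        i += 2 + n + length

def is_pkcs1_rsa_key(der: bytes) -> bool:
    """PKCS#1 RSAPrivateKey (two-prime): one SEQUENCE of nine INTEGERs, version 0 first."""
    try:
        (tag, body), = tlvs(der)
        fields = list(tlvs(body))
    except (ValueError, IndexError):
        return False
    return (tag == 0x30 and len(fields) == 9 and fields[0][1] == b"\x00"
            and all(t == 0x02 for t, _ in fields))

def verdict(label: str, b64: str) -> str:
    """'ok' when this PEM block can go into the credential as-is, else the reason it cannot."""
    try:
        der = base64.b64decode("".join(b64.split()), validate=True)
        (tag, _), = tlvs(der)                            # exactly one outer TLV, else damaged
    except (ValueError, IndexError):
        return "base64/DER damaged, probably a truncated paste"
    if label == "RSA PRIVATE KEY":
        return "ok" if is_pkcs1_rsa_key(der) else "not a PKCS#1 RSAPrivateKey structure"
    if label == "CERTIFICATE" and tag == 0x30:
        return "ok"
    return "not a PKCS#1 RSA key or certificate; convert before pasting"  # PKCS#8, EC, encrypted
def check_pem(pem_text: str) -> dict:
    return {label: verdict(label, b64) for label, b64 in PEM_BLOCK.findall(pem_text)}

# Constructed samples: toy textbook RSA (p=61, q=53, e=17), once as PKCS#1 and once inside a
# PKCS#8 PrivateKeyInfo (rsaEncryption OID); the CERTIFICATE is only a stand-in SEQUENCE.
def der(tag: int, body: bytes) -> bytes:                 # short-form length suffices for toys
    return bytes([tag, len(body)]) + body
def der_int(v: int) -> bytes:                            # minimal positive INTEGER
    return der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
def pem(label: str, body: bytes) -> str:
    return f"-----BEGIN {label}-----\n{base64.b64encode(body).decode()}\n-----END {label}-----\n"
RSA_PKCS1 = der(0x30, b"".join(der_int(v) for v in (0, 3233, 17, 2753, 61, 53, 53, 49, 38)))
RSA_PKCS8 = der(0x30, der_int(0) + der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00") + der(0x04, RSA_PKCS1))
GOOD_PASTE = pem("RSA PRIVATE KEY", RSA_PKCS1) + pem("CERTIFICATE", der(0x30, der_int(2)))
BAD_PASTE = pem("PRIVATE KEY", RSA_PKCS8) + pem("CERTIFICATE", der(0x30, der_int(2)))
```

Running `check_pem(GOOD_PASTE)` reports both blocks as "ok", while `check_pem(BAD_PASTE)` flags the PKCS#8 key as needing conversion before it is pasted into the credential.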
You can delete a TLS credential; doing so also removes it from any connections that use it.
To configure TLS Credentials:
In Web Manager, go to TLS Credentials.
For the CLI, see Config TLS Credential level.
For XML, see Configgroup TLS Credential.