A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows relying parties to depend upon signatures or assertions made by the private key that corresponds to the certified public key. A router can generate a self-signed certificate, which is a certificate created by a network administrator. It can also send requests to a Certificate Authority (CA) to apply for a digital identity certificate. It is important to have legitimate certificates from third-party applications.
The objective of this article is to show you how to create and manage certificates on the RV34x Series Router.
Manage Certificates on the Router
Step 1. Log in to the web-based utility of the router and choose Administration > Certificate.
Step 2. Click Generate CSR/Certificate. You will be brought to the Generate CSR/Certificate page.
Step 3. Choose the appropriate certificate type from the Type drop-down list. The options are:
Self-Signing Certificate — This is a Secure Socket Layer (SSL) certificate that is signed by its own creator. This certificate is less trusted, as it cannot be revoked if the private key is compromised by an attacker.
Certified Signing Request — This is a Public Key Infrastructure (PKI) request that is sent to the certificate authority to apply for a digital identity certificate. It is more secure than self-signed as the private key is kept secret.
Note: In this example, Self-Signing Certificate is used.
Step 4. Enter a name for your certificate in the Certificate Name field to identify the request. This field cannot be blank and cannot contain spaces or special characters.
Note: For this example, SSLCert is used.
Step 5. (Optional) Under the Subject Alternative Name area, click a radio button. The options are:
IP Address — Enter an Internet Protocol (IP) address
FQDN — Enter a Fully Qualified Domain Name (FQDN)
Email — Enter an email address
Note: For this example, FQDN is chosen.
Step 6. In the Subject Alternative Name field, enter the FQDN.
Note: In this example, spprtfrms is used.
Step 7. Choose a country name in which your organization is legally registered from the Country Name drop-down list.
Note: For this example, US was chosen.
Step 8. Enter a name or abbreviation of the state, province, region, or territory where your organization is located in the State or Province Name(ST) field.
Note: For this example, NY is used.
Step 9. Enter a name of the locality or city in which your organization is registered or located in the Locality Name field.
Note: For this example, Queens is used.
Step 10. Enter a name under which your business is legally registered. If you are enrolling as a small business or sole proprietor, enter the name of the certificate requester in the Organization Name field. Special characters cannot be used.
Note: For this example, Ponderlust Systems Inc is used.
Step 11. Enter a name in the Organization Unit Name field to differentiate between divisions within an organization.
Note: For this example, I Rand Biz is used.
Step 12. Enter a name in the Common Name field. This name must be the fully qualified domain name of the website for which you use the certificate.
Note: For this example, ponderlustsystemsinc.com is used.
Step 13. Enter the Email Address of the person who wants to generate the certificate.
Note: For this example, firstname.lastname@example.org is used.
Step 14. From the Key Encryption Length drop-down list, choose a key length. The options are 512, 1024, and 2048. The greater the key length, the more secure the certificate.
Note: For this example, 2048 is used.
Step 15. In the Valid Duration field, enter the number of days the certificate will be valid. The default is 360.
Note: For this example, 365 is used. If you chose Certified Signing Request in Step 2, skip to Step 16.
Step 17. (Optional) To generate another certificate, repeat Steps 2-16.
Note: The generated certificate should now appear in the Certificate Table.
You should now have successfully created a certificate on the RV34x Series Router.
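The settings chosen in Steps 3 through 15 can be checked on a workstation once a certificate is available in PEM format. The following is an added example, not part of the original article or the router's software: it uses OpenSSL 1.1.1 or later to build a constructed certificate with the article's example values, then audits key length, Subject Alternative Name, validity, and self-signed status. The function names, file names, and the 2048-bit threshold (taken from the article's example choice) are assumptions made for illustration.

```shell
# Workstation-side audit (added example, not the router's own tooling).
# Requires OpenSSL 1.1.1 or later for the -addext option.

# make_sample_cert DIR BITS: build a constructed self-signed certificate from
# the article's example values so the audit below has something to inspect.
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$2" -nodes -days 365 \
        -keyout "$1/sslcert.key" -out "$1/sslcert.pem" \
        -subj "/C=US/ST=NY/L=Queens/O=Ponderlust Systems Inc/OU=I Rand Biz/CN=ponderlustsystemsinc.com" \
        -addext "subjectAltName=DNS:spprtfrms" 2>/dev/null
}

# key_bits PEM: print the public key length in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# is_self_signed PEM: succeed when issuer and subject are identical.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^[^=]*=//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^[^=]*=//')
    [ "$subj" = "$issr" ]
}

# san_list PEM: print the Subject Alternative Name entries, or nothing.
san_list() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# audit_cert PEM: print one finding per line; return non-zero on any FAIL.
audit_cert() {
    rc=0
    bits=$(key_bits "$1")
    if [ "${bits:-0}" -ge 2048 ]; then echo "OK   key length $bits"
    else echo "FAIL key length ${bits:-unknown} (below 2048)"; rc=1; fi
    if [ -n "$(san_list "$1")" ]; then echo "OK   SAN $(san_list "$1")"
    else echo "FAIL no Subject Alternative Name"; rc=1; fi
    if openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
    then echo "OK   within validity period"; else echo "FAIL expired"; rc=1; fi
    if is_self_signed "$1"; then echo "NOTE self-signed (issuer equals subject)"; fi
    return $rc
}

dir=$(mktemp -d)
make_sample_cert "$dir" 2048 && audit_cert "$dir/sslcert.pem"
```

To audit a certificate exported from the router in PEM format, pass its path to `audit_cert` instead of the constructed sample.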
Export a Certificate
Step 1. In the Certificate Table, check the check box of the certificate you want to export.
Note: For this example, Default is chosen. Default cannot be deleted nor imported.
Step 2. Click on Export.
Step 3. Click a format to export the certificate. The options are:
PKCS #12 — Public Key Cryptography Standards (PKCS) #12 is an exported certificate that comes in a .p12 extension. A password will be required in order to encrypt the file to protect it as it is exported, imported, and deleted.
PEM — Privacy Enhanced Mail (PEM) is often used for web servers because it can be easily translated into readable data by using a simple text editor such as Notepad.
Note: For this example, PKCS #12 is used. If you chose PEM, skip to Step 7.
Step 4. Enter a password to secure the file to be exported in the Enter Password field.
Step 5. Re-enter the password in the Confirm Password field.
Step 6. In the Select Destination area, PC has been chosen and is the only option currently available.