User's Manual

11 Creation And Use Of Encryption Keys 32
7signal Ltd, Panuntie 6, FI-00620 HELSINKI, FINLAND, +358 40 777 7611, info@7signal.com, www.7signal.com
7signal Sapphire Carat Carat User Guide Release 3.1
Private key PKCS12 (aka PFX)
As a corollary, a single PKCS12-formatted file that contains the CA certificate as well as the
private key can be used in both cases.
If conversions are required to achieve these formats, please consult your Certificate Authority.
In Linux and Unix environments, OpenSSL is a commonplace tool and can handle the required
conversions.
TIP: Microsoft environments have certificate files with the file extension CER. The file
content format is typically DER. To turn DER files into PEM, please use the
command below:
openssl x509 -inform DER -in <yours>.cer -outform PEM -out <target>.pem
Windows environments use the extension “PFX” to mark a typical certificate container file type.
This format is exactly the PKCS12 format, which typically has the “p12” extension in the Linux/Unix world.
7signal Sapphire does not care about the extension, only about the internal format of the file.
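Because the internal format rather than the extension decides how a file is read, it helps to check a file's content before converting it. The Python sketch below is an added example, not part of the 7signal manual or product: the function names and sample bytes are constructed, and it only inspects the outer ASN.1 framing, so "DER" here means certificate-shaped rather than a validated X.509 certificate.

```python
import ssl

# Constructed skeletons for illustration: correct outer ASN.1 framing, not usable credentials.
SAMPLE_DER = bytes.fromhex("3006" "3004" "02020001")   # SEQUENCE { SEQUENCE { ... } }
SAMPLE_PFX = bytes.fromhex("3005" "020103" "3000")     # SEQUENCE { INTEGER 3, ... }

def outer_sequence(data):
    """Return the content of the outer ASN.1 SEQUENCE, or None if the framing is wrong."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:                        # short form: length fits in one byte
        off, length = 2, first
    elif first == 0x80:                     # BER indefinite length (some PKCS12 writers)
        return data[2:]
    else:                                   # long form: next n bytes carry the length
        n = first & 0x7F
        if n > 4 or len(data) < 2 + n:
            return None
        off, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    if off + length != len(data):           # truncated file or trailing garbage
        return None
    return data[off:]

def sniff_format(data):
    """Classify by content only, ignoring any extension: PEM, PKCS12, DER or unknown."""
    if b"-----BEGIN " in data:
        return "PEM"
    body = outer_sequence(data)
    if body is None:
        return "unknown"
    if body[:3] == b"\x02\x01\x03":         # PFX begins with version INTEGER 3
        return "PKCS12"
    if body[:1] == b"\x30":                 # a certificate begins with a nested SEQUENCE
        return "DER"
    return "unknown"

def to_pem(data):
    """Return PEM text for a PEM or DER certificate; refuse anything else."""
    fmt = sniff_format(data)
    if fmt == "PEM":
        return data.decode("ascii")
    if fmt == "DER":
        return ssl.DER_cert_to_PEM_cert(data)   # base64 body inside CERTIFICATE markers
    raise ValueError(f"cannot convert {fmt} input to a PEM certificate")
```

A PKCS12 container is refused by `to_pem` on purpose: it may hold a private key and has to be unpacked with its password rather than re-wrapped as a certificate.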
11.4 Multiple Keys Per Eye
There is no limit on the number of keys per Eye or per Wireless Network. If there is only one
key bound to a Wireless Network, that key shall be used every time this particular SSID is
associated with. On top of that, each Eye unit may be bound to an Eye-specific key (right-click
on the Eye in the topology).
The rationale is to support environments where the actual key dictates both access to the
access point in general and also the access level to the network services beyond the access
point.
11.4.1 Microsoft PKI Infrastructure
One commonplace certificate-based environment is implemented by Microsoft. Typically, each
appliance has its own account (“machine account”). It would be very challenging to
make the Linux-based Eye serve a Windows infrastructure with the proper certificate. An
applicable option is to create one user account to be used by all Eye units.
When a user-account is in place, the authentication may be defined as follows: