User Manual

ManualsBrandsSiemens ManualsBuilding automationDesigo CC MP 5.0 BACnet Server, BACnet Protocol Implementation Conformance Statement (PICS), Basic Documentation

Cybersecurity Basics

SSL Certificates

24 | 85

A6V11646120_enUS_b_40

SSL Certificate Format

PEM Format

Most CAs (Certificate Authority) provide certificates in PEM format in Base64 ASCII

encoded files. The certificate file types can be .pem, .crt, .cer, or .key. The .pem file

can include the server certificate, the intermediate certificate and the private key in a

single file. The server certificate and intermediate certificate can also be in a separate

.crt or .cer file. The private key can be in a .key file.

PEM files use ASCII encoding, so you can open them in any text editor such as

Notepad, Word, and so on.

Each certificate in the PEM file is contained between the statements:

---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----.

The private key is contained between the statements:

---- BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY---

--.

The CSR is contained between the statements:

-----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE

REQUEST-----

PKCS#7 Format

The PKCS#7 format is a Cryptographic Message Syntax Standard. The PKCS#7

certificate uses Base64 ASCII encoding with file extension .p7b or .p7c. Only

certificates can be stored in this format, not private keys.

The P7B certificates are contained between the statements:

"-----BEGIN PKCS7-----" and "-----END PKCS7-----"

DER Format

The DER certificates are in binary form, contained in .der or .cer files. These

certificates are mainly used in Java-based web servers.

PKCS#12 Format

The PKCS#12 certificates are in binary form, contained in .pfx or .p12 files.

The PKCS#12 can store the server certificate, the intermediate certificate and the

private key in a single .pfx file with password protection. These certificates are mainly

used on the Windows platform.

CAs provide certificates in any of the above formats.

Install an SSL Certificate

Here follows the steps for installing an SSL certificate on your web server.

Installation of an SSL certificate depends on many things such as where you

generated the CSR, the type of certificate files you obtained from the CA, the types of

certificate files your web server supports and so on.

The following are the steps involved in the process:

1. Gather the necessary files.

2. Identify the certificate file type and format your web server requires.

3. Convert the certificate file type to web server compatible files.

4. Install the certificates on your web server.

5. Bind the installed SSL certificate to your website.

6. Test the certificate.