Home > Support > Knowledge Base
Knowledge Base
 
Reset Search
Search
 

 

Knowledge

How to install digital certificate on the AnywhereUSB Products

« Go Back

Information

 
Article Number000005998
Problem Resolution
Configure AnywhereUSB encryption
You can encrypt AnywhereUSB traffic by installing a digital certificate on the device. This is an optional setting that allows a host computer to confirm the AnywhereUSB device authenticity and to encrypt USB-over-IP traffic. This digital certificate must be signed by a Trusted Certificate Authority (CA). Since an AnywhereUSB is not publicly accessible, an enterprise CA can self-sign the digital certificate.
 
To configure and enable encryption, you need to:
1 Create and validate the CA certificate.
2 Install the CA certificate on the AnywhereUSB device.
3 Enable the encrypted AnywhereUSB network service.
4 Install the CA certificate on the host computer.
 
Create and validate the CA certificate
Use OpenSSL tools to generate a CA certificate and then use it to sign device certificates.
 
1 Download the OpenSSL command line app from openssl.org.
 
2 Create a CA certificate (cacert.crt) and its private 2048-bit RSA key (cakey.pem) and store cakey.pem in a safe place. openssl req -nodes -new -newkey rsa:2048 -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650 -subj "[your email information]" Use the following email information string as an example: /C=US/ST=MN/L=Townname/O=Companyname/ OU=Department/emailAddress=email@company.com/ You will install cacert.crt on your host computer in a following step. Configure AnywhereUSB encryption AnywhereUSB 2/5/5M/14/TS44 User Guide 20
 
3 Generate a private 2048-bit RSA key for the server and store server.key in a safe place. openssl genrsa -out server.key 2048
 
4 Generate a Certificate Signing Request file server.csr. For example: openssl req -new -key server.key -out server.csr -subj "[your email information]"
 
5 With server.csr, generate the actual certificate (server.crt). openssl x509 -req -days 3650 -CA cacert.crt -CAkey cakey.pem -set_serial 001 -in server.csr -out server.crt
 
6 Now validate the certificates to each other. If this command is successful, the server.crt: OK message appears. If this command fails, an error message appears. The private CA key is not used in this step. openssl verify -CAfile cacert.crt server.crt
 
7 After successfully completing certificate validation in the previous step, concatenate server.crt and server.key to create server.pem. copy server.crt server.pem type server.key >> server.pem
 
Install the CA certificate on the AnywhereUSB device
Upload the CA certificate to the AnywhereUSB device using the AnywhereUSB web UI:
 
1 Open the AnywhereUSB web UI with a web browser.
 
2 Select Administration > X.509 Certificate/Key Management.
 
3 Click Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Certificates.
 
4 Click Identity Certificates and Keys.
 
5 Click the Choose File and browse to of server.pem file.
 
6 Click Upload.
 
 
Enable the Encrypted AnywhereUSB network service
You must enable the encrypted AnywhereUSB network service:
 
1 Open the AnywhereUSB web UI with a web browser.
 
2 Select Configuration > Network.
 
3 Click Network Services Settings.
 
4 Select the Enable Encrypted AnywhereUSB check box.
 
5 Clear the Enable AnywhereUSB check box, if it is selected.
 
Note:    Enable AnywhereUSB is enabled by default. Make sure to enable only the Encrypted AnywhereUSB network service. If both of the AnywhereUSB network services are enabled, you risk having unencrypted connections on the device.
 
6 Click Apply.
 
 
 
Install the CA certificate on the host computer
Use the AnywhereUSB Remote Hub Configuration Utility to install the CA certificate on the host computer.
 
1 Open the AnywhereUSB Remote Hub Configuration Utility.
2 Select your AnywhereUSB device.
3 Click Configure.
4 Select the Encrypt Connection check box.
 
Note Tunnel connections are automatically selected when you select Encrypt connection.
 
5 Browse to or type the path of the CA certificate (cacert.crt) in the Digital Certificate field.
6 Click Update.
 
 
 
If you need any further assistance, please refer to the AnywhereUSB installation Guide for further assistance:
 
http://ftp1.digi.com/support/documentation/90001085.pdf
 
 
If the AnywhereUSB installation Guide does not resolve your issue, please refer to the Digi Support for for further assistance.
 
http://www.digi.com/support
 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255