1. Security Guide
  2. Security on the SL4000
  3. Certificates for HTTPS Interfaces

Certificates for HTTPS Interfaces

To ensure the security of connections over HTTPS, a certificate is required on the library.

The library supports three certificate types:

  • Default certificate (weak encryption, not recommended for use beyond installation)
  • Self-signed certificate (strong encryption, but requires a security exception in the browser)
  • Third-party signed certificate (strong encryption, guaranteed security, automatically accepted by most browsers)

During initial installation, the library uses the default certificate. You should replace it by generating a new self-signed certificate (see "Generate a Self-Signed Certificate" in the SL4000 Library Guide). Using a self-signed certificate is secure, but will cause browsers to generate a warning when connecting to the library. To avoid this warning, you must configure a security exception in the browser or install a third-party signed certificate.

After generating a self-signed certificate, you may install a third-party signed certificate which offers the strongest encryption and security, and eliminates the need for a browser security exception. Creating a properly signed certificate is a two step process. First, download the certificate signing request (CSR) from the library and submit the CSR to a third-party certifying authority (CA). Then, once the CA creates the signed certificate, upload it to the library along with a copy of the CA's certificate (see "Install a Third-Party-Signed Certificate" in the SL4000 Library Guide). Provided the certificate is signed by a well known CA, the browser will connect over HTTPS without warnings.