Directions for Installing SSL Certificates via the CLI

  • The first step is accessing your unit via the CLI interface.
  • Issue the unit a /N & select option 23 for web access

  • At the WEB ACCESS screen you will need to fill out the SSL Certificate options. (5 thru 11)

* Option 5 (common name) must already exist in DNS server

  • Select option 12 to create the CSR next.
    • It will prompt you to create a password, define password and hit enter

  • Next select the option to view CSR
    • It will prompt you to configure your terminal application to receive the file.
      • Make sure the file is captured as a binary file
      • For example in Tera term you check the binary box
      • Note that it takes approximately 2 ½ minutes to create cert
  • Submit the CERTIFICATE to a website that will create a signed certificate for you.
    • Note that Verisign may take a couple of days to process your request.
  • After having received the certificate select the option to import the CRT
    • Select Upload server key (navigate to where you have the signed Certificate)
    • Upload the server key in binary format
      • When using Tera Term, go to file=>send file (check binary), select open

* Note that because the file is small there will be no indicator that it has finished transferring. Import should be almost instantaneous.  ESC to exit the upload menu.

  • Next verify that the server key took by selecting view CSR and selecting enter to make sure it took.

(See Example Below)

  • Next you will need to toggle the web servers off and on.
    • Issue a “/n” and select the option for web. Set both HTTP and HTTPS to off.

ESC to save changes

  • Issue a “/n” and select the option for web. Now set both HTTP & HTTPS to on.
  • Next open your WEB browser and establish an HTTPS session.

(We are using Chrome in this example, directions may differ based on web browser and there updates)

  • Locate the lock symbol and select it.
  • Next select certificate information:

The “issued to” should show the common name and the “issued by” should show who issued the certificate. For example if you used Verisign it would show Verisign in that spot.