...
Parameters that allow you to configure TLS encryption based on public and private keys. TLS encryption is enabled if the "Partner Certificate(s)" parameter and/or the "My Certificate"/"My Key" pair is configured.
Note: TLS encryption based on certificate-based encryption takes precedence over pre-shared keys (Pre-shared keys, PSK) takes precedence, so if the "Pre-shared key" parameter is specified, the entire "TLS - Certificates" section is ignored-based encryption.
Partner certificate(s)
Trusted certificate(s) to authenticate the other communicating party. This parameter allows you to verify that the other party is trusted because its public key is signed by one of the configured certificates (certificate authorities).
...
Private key used by the D2000 KOM process. The path may contain the symbolic constant #APPDIR# indicating the application directory (e.g. D:\D2000\D2000_APP\MyApp).
Example: #APPDIR#/my.key
| Info | ||
|---|---|---|
| ||
Note 1: |
...
For security reasons, we recommend setting access to the private key so that it is only accessible to the user under which the D2000 KOM process is running (by default Local System on Windows and d2000 on Linux/RPI) Note 2: The private key can be protected by password encryption. In this case, enter the password for the key in the "Pre shared key" item in the "TLS pre shared key" section. Note 3: Setting a password for the private key is possible with the OpenSSL utility. Example of execution: the input is the unprotected key my.key, the output is the password-encrypted key my_protected.key, encryption method AES-256 is used. openssl.exe rsa -aes256 -in my.key -out my_protected.keyThe following encryption methods can be used:
OpenSSL-3.4 library no longer supports the following encryption types:
If you use diacritics (national characters) in your password, you must set the Windows code page to UTF-8 before using the OpenSSL utility with the command chcp 65001since in D2000, the texts are stored in UTF-8 encoding. |
"TLS pre shared key" section
...