How to configure security settings and certificates in RX-RDP and RX300?

How to configure security settings and certificates in RX-RDP and RX300?

lease refer to RX300 & RX-RDP user configuration guide for additional details:  https://support.ncomputing.com/portal/kb/articles/rx300-rx-rdp-user-configuration-guide

The Security settings in RX-RDP and RX300 allow the management of Certification Authority and Client (personal) certificates, which are necessary when setting up Enterprise (802.1x) WiFi network connections.

Supported certificate file formats:

Certificate type

Supported certificate file format

Typical certificate file name extensions

Expected file name extension

Certification Authority (root or intermediate)

Base64-encoded X.509 (PEM)

.cer, .crt, .pem

.pem

Client

PKCS #12

.pfx, .p12

.p12

 

The file name extension of Certification Authority certificate file (like .cer, .crt, .pem, …) actually says nothing about the real internal format of the certificate file. Microsoft Windows uses the .cer file name extension for the Base64-encoded X.509 (PEM) certificates as well as for the binary encoded X.509 (DER) certificate files. Real certificate file format can be quickly determined by opening the certificate file in a text editor, like WordPad. If the file will contain random binary characters then the file is in unsupported binary (DER) format:


If the file will contain nicely formatted ASCII characters only, will start with
‘-----BEGIN CERTIFICATE-----‘ header and end with ‘-----END CERTIFICATE-----‘ footer, then the file is in PEM format and can be added as Certification Authority (root or intermediate CA) certificate to RX300 or RX-RDP thin client device:


Certificate files can be easily converted from DER to PEM format by opening them in Microsoft Windows, clicking the [Copy to file] button on the Details tab, and selecting the Base-64 encoded X.509 format in next step.

The certificate files to be added to the device must be uploaded to a web or FTP server and be accessible through HTTP, HTTPS, or FTP protocol.

Installing Certification Authority certificates

Follow the below steps to add a Certification Authority (root or intermediate CA) certificate:

1.       Make sure that the CA certificate file uploaded to your web or FTP server is in PEM format has the .pem extension. Covert the file from DER to PEM format if necessary and change the file name extension to .pem if it is .cer or .crt.

2.       In the Security section of Setup GUI select the Root and intermediate CA radio-button.

3.       Click the [ + ] button located below the list of installed certificates.

4.       In the Add Certificate dialog box enter the certificate file URL and click the [Add] button.

If a valid certificate file URL was specified the device will confirm a successful certificate download.

Installing Client certificates

Follow the below steps to add a Client (PKCS #12) certificate:

1.       Make sure that the certificate file uploaded to your web or FTP server has the .p12 extension. Change the file name extension to .p12 if it is .pfx.

2.       In the Security section of Setup GUI select the Client (PKCS #12) radio button.

3.       Click the [ + ] button located below the list of installed certificates.

4.       In the Add Certificate dialog box enter the certificate file URL and click the [Add] button.



5.       If a valid certificate URL was specified the device will ask for certificate password. This password is required to open the certificate file and read from it the certificate details.

If correct certificate password was specified the device will confirm a successful certificate download.

Removing certificates

To remove a certificate select a certificate type (CA or Client), select the certificate to be removed on the list, and click the [ - ] button located below the list.