For encryption and secure identification, the HTTPS and FTPS protocols in the protection relay use public key certificates, which bind a public key to an identity, that is, to information such as the name of an organization, its address and so on. The server certificate used by the protection relay is generated by the relay itself as a self-signed certificate and is not issued by any certification authority (CA).
The certificate itself does not encrypt anything; it carries the public key that is used to set up the encrypted connection. The protection relay generates a self-signed X.509 certificate and an RSA key pair with a key length of 1024 bits, and the public key stored in the certificate is used to establish secure communication. Note that 1024-bit RSA is below the 2048-bit minimum recommended by current guidance, so the relay's HTTPS and FTPS interfaces should be exposed only on a protected engineering network.
The certificate is used to verify that a public key belongs to an identity. In the case of HTTPS, the WHMI server in the protection relay presents the certificate to the Web client, giving the client the server's public key and identity. The public key is one half of an asymmetric key pair: what one key encrypts, only the other key can decrypt. The asymmetric key pair is used to exchange a symmetric session key, and that symmetric key then encrypts and decrypts the data exchanged between server and client.
Messages encrypted with the public key can only be decrypted with its counterpart, the private key. The two keys are mathematically related and form a cryptographic key pair. The private key is kept secret and stored safely in the protection relay, while the public key may be distributed freely.
Once the protection relay certificate has been manually trusted in a separate dialog box, the certificate is trusted in communication between the relay and PCM600. For WHMI use, the certificate signed by the protection relay must be accepted in the Web browser when opening the connection to WHMI. Because the certificate is self-signed, there is no CA chain for PCM600 or the browser to validate; the trust decision rests entirely on that manual acceptance, so verify the certificate's fingerprint against a value obtained from the relay by a trusted route before accepting it.
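The following is an added example, not code from the relay manual or from ABB. It models the relay's self-signed certificate with the openssl CLI and shows the check a client is left with when there is no CA: pin the certificate's SHA-256 fingerprint on first acceptance and compare it on later connections. The file names, the subject name "protection-relay.example" and the function names are assumptions for illustration; a 2048-bit key is generated because 1024-bit RSA is below the current recommended minimum and recent openssl builds refuse to create it.

```shell
#!/usr/bin/env bash
# Added example (not from the relay documentation). Requires the openssl CLI.
# File names, subject name and function names are illustrative assumptions.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Generate an RSA key pair and a self-signed X.509 certificate, as the relay
# does. The relay uses 1024 bits; 2048 is used here (see note above).
gen_self_signed() {
  local bits=$1 key=$2 crt=$3
  openssl req -x509 -newkey "rsa:${bits}" -nodes -keyout "$key" -out "$crt" \
    -subj "/CN=protection-relay.example" -days 365 >/dev/null 2>&1
}

# SHA-256 fingerprint of a certificate as lower-case hex without colons.
# This is the value a client records when the certificate is first accepted.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 \
    | cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Trust-on-first-use check: compare the certificate a server presents with the
# pinned fingerprint. Prints "ok" or "MISMATCH"; returns non-zero on mismatch.
pin_check() {
  local presented=$1 pinned=$2
  if [ "$(cert_fingerprint "$presented")" = "$pinned" ]; then
    echo ok
  else
    echo MISMATCH
    return 1
  fi
}

# A certificate is self-signed when its issuer equals its subject, which is
# exactly why no CA chain can vouch for it.
is_self_signed() {
  local subj issuer
  subj=$(openssl x509 -in "$1" -noout -subject | cut -d= -f2-)
  issuer=$(openssl x509 -in "$1" -noout -issuer | cut -d= -f2-)
  [ "$subj" = "$issuer" ]
}

# The relay's certificate, and the fingerprint the client pins on first accept.
gen_self_signed 2048 "$WORK/relay.key" "$WORK/relay.crt"
PINNED=$(cert_fingerprint "$WORK/relay.crt")

# A second certificate with the same subject but a different key stands in for
# a man-in-the-middle or a relay whose certificate was regenerated: the subject
# name alone cannot tell them apart, only the pinned fingerprint can.
gen_self_signed 2048 "$WORK/other.key" "$WORK/other.crt"

pin_check "$WORK/relay.crt" "$PINNED"
pin_check "$WORK/other.crt" "$PINNED" || echo "refuse to connect"
```

The pinned fingerprint has to come from the relay by a trusted route (for example read off the device on the local network during commissioning); a fingerprint copied from the very dialog that asks you to trust an unknown certificate adds nothing.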