For encryption and secure identification, HTTPS and FTPS protocols in the protection device use public key certificates that bind together a public key with an identity, that is, information such as the name of an organization, their address and so on. The server certificate used by the protection device is generated by the device itself as a self-signed certificate and not issued by any certification authority (CA).
Certificates use encryption to provide secure communication over the network. A self-signed X.509 certificate and an RSA key-pair with key-length of 2048 bits is generated by the protection device. The RSA key stored in the certificate is used to establish secure communication.
The certificate is used to verify that a public key belongs to an identity. In case of HTTPS, the WHMI server in the protection device presents the certificate to the Web client giving the client the public key and the identity of the server. The public key is one part of an asymmetric key algorithm in which one key is used to encrypt a message and another key is used to decrypt it. The public private key pair (asymmetric key) is used to exchange the symmetric key, which is used to encrypt and decrypt the data that is exchanged between server and client.
Messages encrypted with the public key can only be decrypted with the other part of the algorithm, the private key. Public and private key are related mathematically and represent a cryptographic key pair. The private key is kept secret and stored safely in the protection device, while the public key may be widely distributed.
Once the protection device certificate has been manually trusted in a separate dialog box, the certificate is trusted in communication between the device and PCM600. For WHMI use, the certificate signed by the protection device must be accepted in the Web browser when opening the connection to WHMI.