HTTPS in PTP 650/670 - Introduction

PTP 300/500/600/650/670/700/800 support secure access to the web-based management interface using the standard HTTPS/TLS protocol. This protocol prevents eavesdropping on management traffic between a web browser and the ODU. The protocol also authenticates the ODU to the browser, so that you can be confident you’re connected to the genuine ODU, not to some fake website intended to capture your usernames and passwords.

Standard Internet web-sites using HTTPS authenticate themselves using a public certificate with the URL as the subject. The public certificate is signed by a well-known Certificate Authority (CA) like Comodo and Symantec. These well-known CAs fulfil a vital role in the operation of the Internet. Your web browser uses a locally-stored Root CA certificate to check the authenticity of the public certificate offered by the web-site you’re visiting. Your browser trusts that the locally-stored Root CA certificate is genuine, because it is saved in a special folder of trusted certificates. Normally the store of trusted certificates contains the Root CA certificates for all of the well-known CAs.

We use the same technology for secure HTTPS access to PTP 300/500/600/650/670/700/800 units, except that for PTP ODUs the unit identifies itself by its IP address or by a DNS name (also known as a Fully Qualified Domain Name or FQDN), not its URL. The well-known CAs will not generate public certificates with an IP Address as the subject, for perfectly understandable reasons. However, if your organisation can generate and sign its own certificates, you can achieve very secure authentication and privacy, equivalent to the security of HTTPS in the Internet.

Many larger operators have an in-house information assurance or network security team that can handle certificate generation and signing. Not every organisation has the necessary security team, and so in this series of Knowledge Base topics we will provide practical information about generating your own keys and certificates using the popular open-source software OpenSSL.
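
The private-CA approach described above, as an added example (not Cambium's procedure and not code from this series): a root CA is created, it signs a certificate whose subjectAltName is the unit's IP address, and `openssl verify` confirms both the chain and the address. The address `192.0.2.10`, the organisation name, file names, function names, key sizes and validity periods are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: private root CA plus a server certificate bound to an IP address.
# The IP, organisation name, file names and function names are constructed.
set -eu

ODU_IP="192.0.2.10"   # constructed management address (documentation range)

make_pki() {          # $1 = output directory
    d="$1"; mkdir -p "$d"
    # 1. Root CA: private key and self-signed root certificate. ca.pem is what
    #    gets imported into the browser's trusted store; ca.key stays offline.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=Example Operator/CN=Example Private Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    # 2. Unit: private key and certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example Operator/CN=$ODU_IP" \
        -keyout "$d/odu.key" -out "$d/odu.csr" 2>/dev/null
    # 3. Browsers match the address against subjectAltName, so the IP goes there.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=IP:%s\n' \
        "$ODU_IP" > "$d/odu.ext"
    # 4. The CA signs the request, producing the unit's public certificate.
    openssl x509 -req -in "$d/odu.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$d/odu.ext" \
        -out "$d/odu.pem" 2>/dev/null
}

check_cert() {        # $1 = directory, $2 = address the browser connects to
    # Succeeds only if the chain leads to ca.pem AND the certificate covers $2.
    openssl verify -CAfile "$1/ca.pem" -verify_ip "$2" "$1/odu.pem" >/dev/null 2>&1
}

workdir=$(mktemp -d)
make_pki "$workdir"
check_cert "$workdir" "$ODU_IP" && echo "chain and IP address verified"
check_cert "$workdir" "192.0.2.99" || echo "other address rejected, as expected"
```

The second check fails because the certificate only vouches for the one address in its subjectAltName, which is the same test a browser applies when you browse to the unit by IP address.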

Instructions for installing private keys and the associated certificates are provided in the PTP 670 User Guide.

To use HTTPS in Cambium PTP products, you need to apply the AES upgrade.

Continue with this series of topics here: HTTPS in PTP 650/670 - Keys and certificates
