Generating a Private Key

Steps
  1. Enter openssl genrsa -aes256 -out your_device.key 2048
    Note: The following step is optional.
  2. Enter cp your_device.key your_device.key.orig
  3. Enter openssl rsa -in your_device.key.orig -out your_device.key to remove the passphrase.
    Example
    [root@localhost mycert]# cp 192.168.1.31.key 192.168.1.31.key.orig
    [root@localhost mycert]# openssl rsa -in 192.168.1.31.key.orig -out 192.168.1.31.key
    Enter pass phrase for 192.168.1.31.key.orig:
    writing RSA key 
    
    [root@localhost mycert]#
Result
A private key is generated with:
  • a length of 2048 bits
  • encryption with a 256 bit AES algorithm (no longer applied if the passphrase was removed in step 3).

The output filename is your_device.key.


Creating a Certificate Signing Request (CSR) from a Private Key

Steps
Enter openssl req -new -key your_device.key -out your_device.csr -sha256
Result

A CSR is generated from the private key created in the Generating a Private Key procedure with a SHA256 signature algorithm. This is a result example.

[root@localhost mycert]# openssl req -new -key 192.168.1.31.key -out 192.168.1.31.csr -sha256
Enter pass phrase for 192.168.1.31.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CA
State or Province Name (full name) []:Quebec
Locality Name (eg, city) [Default City]:Montreal
Organization Name (eg, company) [Default Company Ltd]:Media5
Organizational Unit Name (eg, section) []:TAC
Common Name (eg, your name or your server's hostname) []:192.168.1.31
Email Address []:tac@media5corp.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost mycert]#

Signing the CSR file by Your Own Certificate Authority (CA)

Use this procedure if your certificates are signed by a Certificate Authority you have access to.

Steps
Enter openssl x509 -req -extfile host_ext.cnf -extensions host_ext -sha256 -days 3652 -in your_device.csr -CA CA.crt -CAkey CA.key -CAserial CA.srl -out your_device.crt
Note:
  • CA.key is the private key of your CA
  • CA.crt is the CA’s public certificate
  • CA.srl is the serial number file
  • 3652 days is the validity period of the certificate
  • host_ext.cnf defines the usage of the certificate. It contains:
    [ host_ext ]
    basicConstraints = CA:false
    keyUsage = digitalSignature, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth, clientAuth
Result
This is a result example.
[root@localhost mycert]# openssl x509 -req -extfile host_ext.cnf -extensions host_ext -sha256 -days 3652 -in 192.168.1.31.csr -CA CA.crt -CAkey CA.key -CAserial CA.srl -out 192.168.1.31.crt
Signature ok
subject=/C=CA/ST=Quebec/L=Montreal/O=Media5/OU=TAC/CN=192.168.1.31/emailAddress=tac@media5corp.com
Getting CA Private Key
Enter pass phrase for CA.key:
[root@localhost mycert]#
When the certificate is imported into the Mediatrix unit, the information defined for keyUsage in the host_ext.cnf file is displayed in the Management>Certificates/Host Certificates table, under the Usage column.

Signing the CSR by a Third Party Certificate Authority (CA)

Use this procedure if your certificates are signed by a Certificate Authority you do not have access to.

Steps
Send your CSR to the Third Party Certificate Authority agency responsible for signing your Certificate Signing Request.
Note: VeriSign or Entrust are examples of Third Party Certificate Authority Agencies.

Self-signing the CSR File

Use this procedure if your certificates are self-signed, i.e. security is not an issue.

Steps
Enter openssl x509 -req -extfile host_ext.cnf -extensions host_ext -sha256 -days 3652 -in your_device.csr -signkey your_device.key -out your_device.crt
IMPORTANT: The command must be entered on a single line, otherwise it will not work.
Note:

host_ext.cnf is a file containing the following which defines the usage of the certificate:

[ host_ext ]
basicConstraints = CA:false
keyUsage = digitalSignature, keyEncipherment,dataEncipherment
extendedKeyUsage = serverAuth, clientAuth

Combining the Private Key and the Signed Certificate

Context

The host certificate required by the Mediatrix contains two parts: the private key and the signed certificate.

Steps
Enter cat your_device.key your_device.crt > your_device.pem
Result
This is a result example:
[root@localhost mycert]# cat 192.168.1.31.key 192.168.1.31.crt > 192.168.1.31.pem
[root@localhost mycert]# more 192.168.1.31.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
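
Before importing, it is worth confirming that the combined file really holds a private key and the certificate issued for that key. The following is an added example, not part of the original document: it builds a throwaway self-signed pair with the commands used above and checks the resulting PEM. The demo file names, the -subj value, the 30-day validity and the function names check_host_pem and make_demo_pem are assumptions for illustration.

```shell
#!/bin/sh
# Added example: check that a combined host PEM holds a matching key and cert.
# File names and the subject are constructed for the demo.

# Return 0 when PEM contains a private key (not passphrase-protected) and a
# certificate carrying the public key of that private key.
check_host_pem() {
    pem=$1
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || return 1
    # Public key derived from the private key. With an empty -passin and
    # stdin closed, an encrypted key fails here rather than prompting.
    key_pub=$(openssl pkey -in "$pem" -pubout -passin pass: 2>/dev/null </dev/null) || return 1
    # Public key embedded in the certificate.
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Build demo.key, demo.csr, demo.crt and demo.pem in directory $1.
make_demo_pem() {
    dir=$1
    cat > "$dir/host_ext.cnf" <<'EOF'
[ host_ext ]
basicConstraints = CA:false
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
EOF
    openssl genrsa -out "$dir/demo.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/demo.key" -out "$dir/demo.csr" -sha256 \
        -subj "/CN=demo.invalid" 2>/dev/null &&
    openssl x509 -req -extfile "$dir/host_ext.cnf" -extensions host_ext \
        -sha256 -days 30 -in "$dir/demo.csr" -signkey "$dir/demo.key" \
        -out "$dir/demo.crt" 2>/dev/null &&
    cat "$dir/demo.key" "$dir/demo.crt" > "$dir/demo.pem" &&
    chmod 600 "$dir/demo.key" "$dir/demo.pem"   # the PEM contains the private key
}

tmp=$(mktemp -d) && make_demo_pem "$tmp" && check_host_pem "$tmp/demo.pem" &&
    echo "demo.pem: private key and certificate match"
rm -rf "$tmp"
```

A non-zero return from check_host_pem means the file is missing one of the two parts, the key is still passphrase-protected, or the certificate was issued for a different key.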

Importing a Host Certificate through the Web Page

Before you begin
You must have an SNTP server for current date and time.
Steps
  1. Go to Management/Certificates.
  2. Click Activate unsecure certificate transfer.
  3. From the Type selection list, select Host.
  4. Click Browse and select the Host certificate.
  5. Click Apply.
  6. In the Host Certificate Associations table, select the services that Host Certificate should be associated with.
    Note: A Host certificate is by default associated with all services. Several Host Certificates can be imported and associated with one or several services.
  7. Click Import.
  8. Click Apply.
Result
This is an example of the result of a Host Certificate imported and associated with all services.


Importing any Certificate through a Configuration Script

Context

To use the Cert.InstallCertificate command, the provided content must be a valid certificate file encoded in Base64.

On a Linux system: base64 --wrap=0 myCertificate.crt > myBase64File.txt

With the OpenSSL tool: openssl base64 -A -in myCertificate.crt -out myBase64File.txt

Steps
  1. Prepare the configuration script file with the wanted Cert.InstallCertificate command line to execute.
    IMPORTANT: The FileContent argument requires the Base64 encoding of the whole certificate file, including the portions that may be already in Base64.
    IMPORTANT: Double quotes must be used around the Base64 value of the FileContent argument.
    Cert.InstallCertificate
     Name="MyCertificate.crt" Type="Host"
     FileContent="LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ
    pNSUlFb3dJQkFBS0NBUUVBdXhLRE82Nm9LT2lnY0hRMXIxbG5YTGlRVD
    lSMG9Ra0UvcHBPRG85dlhaVnNjOEQ2CnV5RmxkUm9E...RESUtRNUt2V
    HYKK2lMZ1FMczltakhBVXJ1TlY5K0pKeDFzcHY4RlpwMD0KLS0tLS1FT
    kQgQ0VSVElGSUNBVEUtLS0tLQ=="
    Note: For more details about the Cert.InstallCertificate command, refer to the DGW Configuration Guide - Reference Guide published on the Media5 Documentation Portal.
    Note: For more details on size limitation with configuration script file, refer to the DGW Configuration Guide - Limitations of DGW Platforms document published on the Media5 Documentation Portal.
  2. Go to Management/Configuration Scripts/Execute.
  3. If you are not using HTTPS, click Activate unsecure file importation from the Web browser.
  4. In the Upload Script Through Web Browser table, browse to the location of the file you wish to import.
  5. Click Upload and Execute.
Result
The certificate will be inserted in the Management/Certificates page.
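
The two IMPORTANT notes in step 1 can be checked mechanically. The following is an added example, not taken from the Media5 documentation: it encodes a whole certificate file, PEM header and footer lines included, into a double-quoted FileContent value and decodes it back to confirm nothing was lost. The helper names, the constructed sample file and the single-line layout of the command are assumptions.

```shell
#!/bin/sh
# Added example: build a Cert.InstallCertificate line and verify its payload.

# Print the command for file $1 with certificate type $2. The whole file is
# Base64-encoded (PEM header and footer included) as one unwrapped value.
build_install_cmd() {
    file=$1; type=$2
    # Same result as `base64 --wrap=0 FILE`: no line breaks in the output.
    content=$(base64 < "$file" | tr -d '\n') || return 1
    printf 'Cert.InstallCertificate Name="%s" Type="%s" FileContent="%s"\n' \
        "$(basename "$file")" "$type" "$content"
}

# Read a generated line on stdin and write the decoded FileContent to stdout.
decode_file_content() {
    sed -n 's/.*FileContent="\([^"]*\)".*/\1/p' | base64 -d
}

# Constructed sample input: PEM-shaped text, not a real certificate.
make_sample() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQrU0FNUExFK05PVCtBK1JFQUwrQ0VSVA==
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/MyCertificate.crt"
build_install_cmd "$tmp/MyCertificate.crt" Host > "$tmp/script.cfg"
# Round trip: the decoded payload must be byte-identical to the input file.
decode_file_content < "$tmp/script.cfg" | cmp -s - "$tmp/MyCertificate.crt" &&
    echo "FileContent decodes back to the original file"
rm -rf "$tmp"
```

A correctly encoded PEM file always produces a FileContent value beginning with LS0tLS1CRUdJTiB, the Base64 form of the "-----BEGIN " header, as in the sample command in step 1.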

Online Help

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will be displayed.


DGW Documentation

Mediatrix devices are supplied with an exhaustive set of documentation.

Mediatrix user documentation is available on the Media5 Documentation Portal.

Several types of documents were created to clearly present the information you are looking for. Our documentation includes:
  • Release notes: Generated at each GA release, this document includes the known and solved issues of the software. It also outlines the changes and the new features the release includes.
  • Configuration notes: These documents are created to facilitate the configuration of a specific use case. They address a configuration aspect we consider that most users will need to perform. However, in some cases, a configuration note is created after receiving a question from a customer. They provide standard step-by-step procedures detailing the values of the parameters to use. They provide a means of validation and present some conceptual information. The configuration notes are specifically created to guide the user through an aspect of the configuration.
  • Technical bulletins: These documents are created to facilitate the configuration of a specific technical action, such as performing a firmware upgrade.
  • Hardware installation guide: This guide provides the detailed procedure on how to safely and adequately install the unit. It provides information on card installation, cable connections, and how to access the Management interface for the first time.
  • User guide: The user guide explains how to customise to your needs the configuration of the unit. Although this document is task oriented, it provides conceptual information to help the user understand the purpose and impact of each task. The User Guide will provide information such as where and how TR-069 can be configured in the Management Interface, how to set firewalls, or how to use the CLI to configure parameters that are not available in the Management Interface.
  • Reference guide: This exhaustive document has been created for advanced users. It includes a description of all the parameters used by all the services of the Mediatrix units. You will find, for example, scripts to configure a specific parameter, notification messages sent by a service, or an action description used to create Rulesets. This document includes reference information such as a dictionary, and it does not include any step-by-step procedures.

Copyright Notice

Copyright © 2023 Media5 Corporation.

This document contains information that is proprietary to Media5 Corporation.

Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.

This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.

Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.